Ponemon Institute Fellows
Linda Ackerman is an attorney who works on health information privacy issues. Most recently, she wrote a report titled "Mobile Health and Fitness Applications and Information Privacy" for Privacy Rights Clearinghouse and helped develop the content for the World Privacy Forum's online guide to health information exchanges in California.
She was a principal contributor to the development of the California Attorney General's as yet unpublished guide to medical identity theft. She is currently working on a project with the Electronic Frontier Foundation, developing content for an educational website on electronic health information exchange and privacy. She has also written a number of privacy and security policies and data sharing agreements for health information exchanges.
Alessandro Acquisti is an associate professor at the Heinz College, Carnegie Mellon University (CMU) and the co-director of CMU Center for Behavioral and Decision Research. He investigates the economics of privacy. His studies have spearheaded the application of behavioral economics to the analysis of privacy and information security decision making, and the analysis of privacy and disclosure behavior in online social networks.
Alessandro holds a PhD from UC Berkeley, and Master's degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist). He has been a member of the National Academies' Committee on public response to alerts and warnings using social media.
Ed Adams is a software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries. As CEO, Mr. Adams applies his security and business skills, as well as his pervasive industry experience in the software quality space, to direct application security experts to help organizations understand the risks in their software systems and develop programs to mitigate those risks. The company has delivered high-quality risk solutions to the most recognizable companies in the world including Microsoft, IBM, Fedex, ING, Nationwide and HP.
Mr. Adams founded the Application Security Industry Consortium, Inc. (AppSIC), a non-profit association of industry analysts, enterprise technologists, and security leaders established to define cross-industry application security metrics and best practices. The non-profit eventually morphed into SAFECode at which point Mr. Adams got more engaged with other industry initiatives, including OWASP. Mr. Adams is on the board of the National Association of Information Security Groups (NAISG) as well as the Massachusetts North Shore Technology Council (NSTC).
No stranger to the podium, Mr. Adams has presented to thousands at numerous seminars, software industry conferences, and private companies. He has contributed written and oral commentary for business and technology media outlets such as New England Cable News, CSO Magazine, SC Magazine, CIO Update, Investor's Business Daily, Optimize and CFO Magazine. Mr. Adams is in the process of co-writing a book titled "Winning Cyber War", which will be published by Jones & Bartlett, and is authoring his own title, "Application Security Maturity" – both due out in 2012. He maintains a blog with CSO Magazine, is a columnist for CIO Update and can be followed on Twitter.
Mr. Adams earned his MBA degree with honors from Boston College and has B.A. degrees in Mechanical Engineering and English Literature from the University of Massachusetts.
Phil Agcaoili leads security at Cox Communications as the Chief Information Security Officer and has represented GE, VeriSign, Alcatel, Scientific-Atlanta, Cisco, Dell and Cox in their respective Corporate Security, Privacy, Risk and Compliance Councils. He's shaping US cybersecurity as committee co-chair of the Communications Sector Coordinating Council and FCC CSRIC, and as a member of US Cybersecurity Framework development, NCTA and USTelecom Cyber Security Working Groups and the Communications ISAC.
Phil has shaped the direction of cloud computing as a founding member of the Cloud Security Alliance (CSA) and inventor/co-author of the Cloud Controls Matrix (CCM), GRC Stack, and Cloud Security, Trust, and Assurance Registry (STAR), set eDiscovery standards with EDRM, leads privacy research as the chairman of the Ponemon Institute Fellows and as a Distinguished Fellow, and is a co-founder of the Southern CISO Security Council. He has led the security and privacy assurance industry by helping re-align the American Institute for Certified Public Accountants (AICPA) SAS 70 attestation replacement SSAE 16 SOC 1 with SOC 2.
Phil won the inaugural Information Security Executive of the Decade Award in 2012, 2012 RSA Conference Award for Excellence in the Field of Security Practices, 2010 Information Security Magazine Security 7 Award, and 2009 Information Security Executive of the Year Central Award. Phil’s teams at Cox, Dell, Scientific-Atlanta, Alcatel, and VeriSign were all recognized for their teamwork and security achievements, and many of his proteges lead other successful global security teams or have started their own companies.
James J. Allen, CIPP
Jim Allen is a well-known and highly respected privacy and risk management expert with over 25 years experience. In his most recent position as Chief Privacy Officer for Agilent Technologies, headquartered in Silicon Valley, he led the development and implementation of a comprehensive worldwide customer and employee privacy program. Mr. Allen was instrumental in making privacy a company value. As a result, privacy has been included in the company's annual Social Responsibility report.
Mr. Allen has a reputation for a practical and cost effective approach to very complicated issues. Many of his outcomes have been recognized as best practices and Mr. Allen is often requested to share his expertise at meetings, conferences and educational seminars. This has included presentations at the annual IAPP conferences and the Practicing Law Institute. He has a passion for the topic of privacy and looks forward to making significant contributions in the future.
Yariv Alpher is a seasoned strategist and market researcher whose work has focused on business strategy, innovation and product development, and brand positioning and architecture. He's experienced in a variety of industries, including IT, financial services, media and CPG, and has a wealth of international experience, having led research initiatives in the U.S., Europe, Japan, India, China, Latin America and the Middle East.
Yariv is currently the Chief Research and Customer Insights Officer at Lodestar Research, a boutique consultancy that focuses on b2b clients in the IT, financial services, healthcare and Federal/Gov sectors. Previously Yariv was Vice President of Marketing Research at CA Technologies (formerly Computer Associates), where he established the market research function, supporting all business units globally. Here, Yariv was closely involved with CA's turnaround, rebranding and the increased focus on cloud computing, virtualization and security. Prior, Yariv held senior positions in both the research and financial services sectors.
Over the years Yariv has conducted dozens of studies that focus on IT security, information management and risk management. These have spanned a gamut of issues, from understanding perceptions of vendors in the categories, gauging specific needs and trends, and informing on the relationship between security/risk and strategic business and IT initiatives (such as the adoption of cloud platforms and solutions).
Yariv earned a BA in History and Philosophy from Tel Aviv University, and holds an MA in the social sciences from the University of Chicago (focus on the evolution of consumer communities). Yariv earned a second MA in sociology from New School University (focus on workplace dynamics), where he also completed his doctoral coursework.
Yariv lives with his wife and two children in Westchester County, New York.
Jerry L. Archer, CISSP
Jerry Archer is senior vice president and chief security officer for Sallie Mae. Mr. Archer's responsibilities include securing and protecting consumer privacy and information security initiatives across the enterprise. Prior to this position, Mr. Archer was the chief information security officer for Intuit's global operations.
Prior to Intuit, Archer was managing director at Global Competitive Strategies, LLC, where he provided insight and validation in the areas of policy, technology, products and strategy to a broad array of firms and government. Previously, Mr. Archer was senior vice president for Global Interoperability at Visa International, where his team codified the policies, standards and best practices for Visa systems and networks globally. Before Visa, at the Fidelity Brokerage Company, he was senior vice president of information security and technical risk providing leadership for the brokerage company's operational and strategic security and risk programs.
Earlier his work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency. Mr. Archer is a member of many professional and industry groups such as the ACM, IEEE, ISAC, ISC2, and ISSAC.
Eric Ashdown is Asia Chief Security Advisor at Microsoft and is headquartered in Singapore. Mr. Ashdown is a risk management, strategy, security and privacy senior leader with a track record of success in demanding large corporate and entrepreneurial environments. Previously, he was Senior Director and Partner, Global Security Strategy & Risk Management at Accenture and Senior Director of Business Online Services, Risk Management at Microsoft Corporation.
According to Mr. Ashdown, he has taken an entrepreneur's attitude toward new businesses, new projects, business turnarounds, consulting and positions held. This has honed an ability to look holistically at problems and challenges, across cultures, while operating in an increasingly borderless world. The range of geographies where Mr. Ashdown has used these skills includes China, Hong Kong, Taiwan, Hungary, the US, UK, Canada, Malaysia, Jordan, Singapore, Germany, Macau and Brunei.
Simon Blackwell is the CTO at DNA Response, Inc., a multi-channel consumer products marketing company, serving manufacturers selling direct to consumers through TV, brick-and-mortar, and eCommerce channels.
Prior to DNA Response, Mr. Blackwell worked across a broad spectrum of industries including software development, telecommunication, aerospace/defense, financial services, pharmaceutical, and toy/game companies, a few of which include Bell Core, NASA, Dept of Defense, Goldman Sachs, Liberty Mutual, Washington Mutual, Johnson & Johnson, and Hasbro/Wizards of the Coast. He has served as a Consultant, a Senior Vice President in a 65,000 employee bank as well as a Company Founder, a CTO, and a Chief Architect.
He has technical expertise in expert systems, data privacy/security and eCommerce, for which he has developed products, filed patents, spoken at conferences, served on advisory boards and participated in industry standards bodies. His data privacy/security background includes the development of anti-virus software, key based authentication mechanisms, eXtensible Access Control Markup Language, and globally distributed customer data management systems as well as dealing with the regulatory processes in the industries he has served.
Christopher Budd is a communications manager with Trend Micro. His focus is on communications around online security and privacy threats to help people understand in plain English the risks they face and what they can do about them. In addition, he focuses on managing crisis communications utilizing a framework and processes he helped put in place.
Prior to Trend Micro, Christopher worked as an independent consultant focused on helping clients build crisis communications frameworks for online security and privacy incidents. Christopher draws on his experience as a ten-year veteran of the Microsoft Corporation, where he oversaw and managed worldwide internal and external communications around security and privacy incidents affecting Microsoft customers. During his tenure at Microsoft, he pioneered new strategies and tactics embracing new media technologies that dramatically improved the handling of communications around incidents and helped, as he likes to say, “make awful news just bad”.
Christopher is a seasoned spokesperson, speaker and presenter. He has been an expert on television and radio numerous times. At Microsoft he led a live monthly security webcast for over six years. He has also given numerous presentations on communications and technology at a variety of technology and non-technology conferences.
Christopher is a widely published author on technology and other topics. He currently contributes a monthly column on Social Media and Online Security to the Windmill Networking blog as well as regular contributions to Geekwire and Betanews. He is a regular presence on Trend Micro’s blogs for security experts and consumers. He has been a monthly columnist for TechTarget on Microsoft security issues. He is also co-author of two books. Outside of technology topics, he has authored numerous articles on topics ranging from history to philosophy and gaming and is a contributing author to a book on the history of philosophy.
He earned a Bachelor of Arts in Comparative Religion from Oberlin College and a Master of Arts in Philosophy with honors from St. John’s College.
His interests include music, history, psychology, mythology, and comparative religion. You can read his personal blogs at christopherbudd.com, Andante, and Taklamakan. He lives outside of Seattle with his family, including four cats and a dog.
Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world. Noted for her seminal work on Privacy Enhancing Technologies (PETs) in 1995, her concept of Privacy by Design seeks to proactively embed privacy into the design specifications of information technology and accountable business practices, thereby achieving the strongest protection possible. In October, 2010, regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. This was followed by the U.S. Federal Trade Commission’s inclusion of Privacy by Design as one of its three recommended practices for protecting online privacy – a major validation of its significance.
An avowed believer in the role that technology can play in the protection of privacy, Dr. Cavoukian’s leadership has seen her office develop a number of tools and procedures to ensure that privacy is strongly protected, not only in Canada, but around the world. She has been involved in numerous international committees focused on privacy, security, technology and business, and endeavours to focus on strengthening consumer confidence and trust in emerging technology applications.
Dr. Cavoukian serves as the Chair of the Identity, Privacy and Security Institute at the University of Toronto, Canada. She is also a member of several Boards, including the European Biometrics Forum, Future of Privacy Forum, and RIM Council, and has been conferred as a Distinguished Fellow of the Ponemon Institute. Dr. Cavoukian was honoured with the prestigious Kristian Beckman Award in 2011 for her pioneering work on Privacy by Design and privacy protection in modern international environments. In the same year, Dr. Cavoukian was also named by Intelligent Utility Magazine as one of the Top 11 Movers and Shakers for the Global Smart Grid industry, received the SC Canada Privacy Professional of the Year Award, was honoured by the University of Alberta Information Access and Protection of Privacy Program for her positive contribution to the field of privacy, and was ranked by Women of Influence Inc. as one of the top 25 Women of Influence recognizing her contribution to the Canadian and global economy. This award follows her recognition in 2007 from the Women’s Executive Network as one of the Top 100 Most Powerful Women in Canada.
Uma is Vice President of Security, Reliability, and Eco-Environmental Engineering Group in Bell Labs, Alcatel-Lucent. She leads a global team focused on realizing key secure and reliable transformations in information communications technologies networks. She brings extensive global experience and leadership in the field of security, reliability, interoperability, information security standards management, operations systems, software development, and quality assurance.
She has the distinction of having worked directly for an operator (Bell Canada), supplier (Lucent and then Alcatel-Lucent), R&D (Bell Labs/Bellcore/Bell Northern Research), and operating as a start-up producing new software-based products (Bellcore).
Uma has leveraged her experiences to positively impact the relationship between ICT systems and Critical National Infrastructure Segments. She has held various industry positions, including representing the US delegation in the SC27 ISO/IEC 27000 series standards, co-editor for ISO/IEC 27003 series standard, and editor/co-editor for ITU global standards, and a council member on the CSRIC FCC.
Uma has published papers, served as editor of a special issue on security of the Bell Labs Technical Journal, contributed to the Web 2.0+ Security textbook, and holds patents in network security and reliability. She is currently an executive contributor of the QuEST forum representing TL9000 quality metric standards, an Advisory Board member of the School of Business at Montclair State University, and serves on the Federal Communications Commission's Security, Reliability, and Interoperability Council (CSRIC). Uma is also CISSP, CISA, CISM, CRISC, and PMP certified. Uma has a BS and MS in Electrical Engineering, is a graduate of the Advanced Technology Innovations program at Carnegie Mellon and is a graduate of the Executive Program at Kellogg School of Management.
Alan Chapell, CIPP
Alan Chapell is the founder of Chapell & Associates, a premier research and consulting firm focusing on consumer privacy.
He established the privacy program at Jupiter Research, which targets the consumer Internet economy. Chapell created and implemented DoubleClick's research product suite, which produced advertising effectiveness products that measure the brand impact of online advertising. He also worked with e-mail marketing firms, including Yesmail (now a division of Experian), where he assisted clients with privacy issues.
He is a regular contributor to the iMedia Connection, the DMNews, and the International Association of Privacy Professionals' Privacy Officer Advisor.
Harry C. Chapman, CMC
Harry Chapman is a founder and principal of the San Francisco-based Bay Area Consulting Group LLC. His work with a division of Wells Fargo Bank in developing and implementing a balanced scorecard is now taught at the Harvard Business School. Chapman has helped large organizations develop balanced scorecards in the United States, Canada, and South Africa. He leads a two-day seminar on the Balanced Scorecard every six months in Rome.
Chapman has developed a balanced scorecard framework tailored to privacy. He is an expert in developing practical and effective performance measurement programs directed toward improving organizational performance.
He is a founder of the Bay Area Consultants Network, a non-profit organization dedicated to enabling consultants to become more effective.
Keith A. Cheresko is a Principal of Privacy Associates International LLC. Privacy Associates International is a Michigan-based privacy consultancy delivering experience-based, practical guidance to help its clients address all aspects of privacy. Mr. Cheresko spent the majority of his career at Ford Motor Company as a member of the Office of the General Counsel. During his 26-year tenure at Ford, he held an assortment of legal assignments supporting Ford’s diverse business activities, including time with Ford Motor Credit Company, Ford’s finance subsidiary, where he played a role in the development of financial privacy policies and practices designed to meet the federal Gramm Leach Bliley Act’s financial privacy requirements. He also served as counsel to the Corporate Privacy Office and advised or chaired working groups addressing an assortment of privacy matters, from marketing-related activities to development of corporate-wide policies. In his last assignment before deciding to leave Ford, Mr. Cheresko was the primary privacy counsel and de facto privacy leader.
After leaving Ford and prior to joining Privacy Associates International LLC, Mr. Cheresko served briefly as general counsel to the Ponemon Institute, and continues serving as a long time member of the Ponemon Institute's Responsible Information Management Council’s Advisory Board. He is a member of the International Association of Privacy Professionals and a Certified Information Privacy Professional (CIPP/US/IT). Mr. Cheresko received a BA from the University of Michigan-Dearborn, a J.D. from Wayne State University, and is a member of the State Bar of Michigan and the American Bar Association.
James Christiansen is Chief Information Security and Risk Officer of RiskyData, an information security and privacy solutions corporation focused on providing clients scalable and cost-effective tools and services to manage their Information Risk. Prior to joining RiskyData, James was Chief Information Risk Officer for Evantix and CSO for Experian Americas. James had the overall responsibility for information security, providing strategic direction and vision across Experian business units.
James joined Experian after serving as Chief Information Security Officer for General Motors where his responsibilities included worldwide implementation of security plan for the largest financial (GMAC) and the largest manufacturing corporation in the world. Prior to joining GM he was SVP and Division Head of Information Security for Visa International, responsible for their worldwide information security program.
James has been featured in the New York Times as one of the leaders in information security and has won three innovation awards in Cybersecurity, GRC, and Cloud Computing. He has an MBA in International Management and a BS in Business Management, and is the author of the “Internet Survival Series” and a contributing author of “CISO Essentials” and numerous industry papers. James has been chair for the IT Fraud Summit, co-chair of the ANSI study of the impact of security breaches on healthcare, and a prominent speaker for prestigious events such as the Business Round Table, Research Board, American Bar Association, American Banker, RSA, BankInfoSecurity, ISSA and MIS Training Institute.
Mark Coderre is the Head of Enterprise Security Architecture for Aetna. His responsibilities include design, risk management, planning and governance of Aetna’s strategic security program. This comprehensive program balances Aetna’s compliance, asset protection and business enablement needs. Aetna has been recognized numerous times for security leadership in Identity Management and Enterprise Governance, Risk and Compliance. Mr. Coderre is active in the identity assurance space as it applies to the healthcare sector through the Kantara Initiative and the US National Strategy for Trusted Identities in Cyberspace (NSTIC).
In his 23 year career with Aetna, Mr. Coderre has provided continuous leadership in the evolution from distributed system security to centralized federated capabilities for information access and cyber threat management. His efforts and designs have allowed Aetna to effectively provide safe and seamless access for millions of Aetna’s Customers, Employees, Brokers and Providers.
A long-standing evangelist for the business value of “built-in security”, Mark has represented Aetna on a variety of industry forums, interviews, standards committees, customer meetings and advisory boards.
Mark Coderre earned a Bachelor of Science degree in Computer Science at Central Connecticut State University in 1989. Mark has received Certifications from the Information Systems Audit and Control Association (ISACA) in both Security Management and Risk Management.
Brian Contos, CISSP, is the Worldwide VP Sales Engineering and Professional Services at Solera Networks. Mr. Contos is a recognized security expert with nearly two decades of security engineering and management experience. He is the author of several books, including Enemy at the Water Cooler—Real-Life Stories of Insider Threats and Physical and Logical Security Convergence, which he co-authored with former NSA Deputy Director William Crowell.
Mr. Contos has worked with government organizations and Forbes Global 2000 companies in over 40 countries throughout North, Central and South America, the Caribbean, Europe, Africa, the Middle East, and Asia. He is an invited speaker at leading industry events like RSA, Interop, GFIRST, SANS, and OWASP and has written for and been interviewed by industry and business press such as CBS News, Bloomberg, Forbes, NY Times, and the London Times. He also helped build several successful security companies.
Mr. Contos was formerly senior director for emerging markets at McAfee, chief security strategist at Imperva, chief security officer at ArcSight, and director of engineering at Riptech. In addition, he has held security positions at Bell Laboratories, Tandem Computers, and the Defense Information Systems Agency (DISA). Brian is a graduate of the University of Arizona.
Dr. Don Lloyd Cook is currently counsel at Gill Ragon Owen, P.A. where he is focused on privacy and technology law, in particular working with new technology companies. He has previously served as a Director of Privacy at Lunarline, Inc. and at Walmart Stores, Inc. Additionally, he served as the Chief Privacy Officer and General Counsel of Feeva Technology, Inc., an online advertising firm and as a Senior Consultant for Acxiom Corporation, specializing in global privacy and regulatory issues. He is a member of the International Association of Privacy Professionals, the Arkansas Bar Association and the American Bar Association.
Dr. Cook regularly speaks on privacy issues and has authored academic publications relating to marketing, privacy and intellectual property. Dr. Cook has practiced general and appellate law in Arkansas, where he received his JD and MBA degrees from the University of Arkansas. He is licensed in state courts in Arkansas, federal district courts in Arkansas and the Northern District of Oklahoma, the Eighth Circuit Court of Appeals and the US Supreme Court, where he successfully opposed a Petition for Writ of Certiorari by the State of Arkansas.
Professional certifications include the CIPP (Certified Information Privacy Professional), CIPP/C (CIPP Canada), CHP (Certified HIPAA Professional) and CHSS (Certified HIPAA Security Specialist). He received his Ph.D. in Marketing from Virginia Tech, where his dissertation focused on privacy regulation. While at Virginia Tech he was selected as the first Virginia Tech Congressional Fellow and was a Legislative Assistant in the office of Congressman Rick Boucher, a co-founder of the Internet Caucus. He has taught Consumer Behavior, Internet Law and eCommerce courses at universities in Virginia, Louisiana, Georgia and New Mexico.
Nick Copping, Ph.D.
Nick Copping is a technologist who began his career as a physicist at Cal Tech, later becoming a senior research director at JPL. Copping is a former director of corporate engineering for Hewlett-Packard and served as CEO of Atherton Technology and CRI. Copping started ZOOM Marketing with Ellie Victor in 1996. In 2004 he took a sabbatical from ZOOM to become a partner at Microsoft, where he developed the Microsoft Global SI strategy.
In his spare time, Copping builds and plays acoustic guitars, turns wild bowls in his woodshop, and sees just how long he can stay at the bottom chasing turtles in funny-looking scuba gear.
Joshua Corman is the Director of Security Intelligence for Akamai Technologies and has more than a decade of experience with security and networking software. Most recently he served as Research Director for Enterprise Security at The 451 Group following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.
Mr. Corman is a candid and highly-coveted speaker with engagements at leading industry events such as RSA, DEFCON, Interop, ISACA, and SANS. As a staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, and co-founded Rugged Software – a value-based initiative to raise awareness and usher in an era of secure digital infrastructure. His passion for challenging the status quo won him the title of Top Influencer of IT by Network World magazine in 2009. Corman received his bachelor’s degree in philosophy, graduating Phi Beta Kappa and summa cum laude, from the University of New Hampshire. He resides with his wife and two daughters in New Hampshire.
Malcolm Crompton is Managing Director of Information Integrity Solutions Pty Ltd (IIS), a global consultancy specialising in data protection and privacy strategies. IIS helps companies increase business value and customer trust and ensures government meets the high standards expected in the handling of personal information.
Malcolm is a Director of the International Association of Privacy Professionals Australia New Zealand (iappANZ), an affiliate of the International Association of Privacy Professionals (IAPP). He was founding President of iappANZ in 2008, a Director of IAPP from 2007 to 2011 and is an IAPP Certified Information Privacy Professional. Malcolm's global reputation and expertise in privacy was recognised when IAPP honoured Malcolm with the 2012 Privacy Leadership Award.
As Australia's Privacy Commissioner from 1999 to 2004, Malcolm led the implementation of private sector privacy law. He hosted the 25th International Conference of Data Protection and Privacy Commissioners in Sydney in 2003. Malcolm's global reputation is built on his forward thinking on the handling and governance of personal information and he has consequently been invited to speak at many events in the Americas, Europe and Asia Pacific.
Through IIS, Malcolm has advised the Asia-Pacific Economic Cooperation forum (APEC) regularly on implementation of the APEC privacy framework, including leading seminars held in Hong Kong, Korea and Australia. He has also consulted to the Organisation for Economic Cooperation and Development (OECD) and a wide range of industry sectors, including technology and telecommunications, health, banking, finance, credit reporting and insurance, education, professional services, transport and parcel services, mining and manufacturing, travel and retail and government.
He is a member of the Microsoft Trustworthy Computing Academic Advisory Board and a number of Reference Groups for research projects on trust in the Internet funded through the European Commission. Malcolm is also a Director of Bellberry Limited, a private not-for-profit company which provides privacy and health ethics advisory services and is a Fellow of the Australian Institute of Company Directors.
Between 1996 and 1999, Malcolm was Manager of Government Affairs for AMP Ltd. In the previous 20 years, Malcolm held senior executive positions in the Federal Department of Finance, served as both a superannuation scheme trustee and scheme founder and worked in the Transport and Health portfolios. Malcolm has degrees in Chemistry and Economics and was awarded the inaugural Chancellor's Medal for distinguished contribution to the Australian National University.
Tom Cross is Director of Security Research at Lancope, where he works on advancing the state of the art in network behavioral anomaly detection with netflow. He has over a decade of experience as a computer security researcher and thought leader. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has published papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism.
Prior to Lancope, Tom served as Manager of Threat Intelligence and Strategy in IBM's X-Force Research organization. One of Tom's contributions at IBM was serving as the technical editor of the X-Force Trend Report, a biannual report that analyzes data about computer security vulnerability disclosures, trends in Internet attack activity, and other data sources that shed light on the state of the Internet threat landscape.
Tom has operated online social communities almost continuously since 1991. In 1996, Tom cofounded Electronic Frontiers Georgia, where he worked to protect the Constitutional rights of Internet users in the US State of Georgia. In 2001, Tom cofounded MemeStreams, an innovative collaborative blogging system that combined online social networking with reputation systems technology.
Tom frequently speaks on information security and technology policy issues at conferences around the world. He holds a Bachelor of Science in Computer Engineering from the Georgia Institute of Technology.
Jack Danahy is the Worldwide Security Executive for the Rational division of IBM, and is an international speaker and writer on topics of software, system, and data security. Jack is the original founder and CEO of two successful security software companies: Ounce Labs, sold to IBM in July of 2009, and Qiave Technologies, sold to Watchguard Technologies in 2000.
Mr. Danahy holds five patents in a variety of security technologies including secure distributed computing, software analysis, and secure system management. He is a contributor to industry and national security groups in the areas of data privacy, cybersecurity, critical infrastructure protection, and has contributed to legislation on computer security in both the US House and Senate.
Dennis Dayman has more than 20 years of experience combating spam, security/privacy issues, data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Eloqua’s Chief Privacy and Security Officer, Dayman leverages his experience and key relationships to provide best practices to Eloqua and its customers and to ensure the compliance of their communications data flows. He is also responsible for coordinating and managing Eloqua’s international electronic commerce, privacy and Internet related policy issues.
Prior to Eloqua, Dayman worked at StrongMail Systems as the Director of Deliverability, Privacy, and Standards. In that role, he handled all deliverability and privacy issues related to StrongMail customers and made best practice recommendations as StrongMail’s representative to a cross-industry alliance of ESPs, ISPs, online marketers and spam-filtering companies. He was also charged with ensuring that new email standards were created and instituted for the protection of legitimate email delivery. He was also charged with ensuring the product met and exceeded data governance regulations.
Dayman has also served in the Internet Security and Legal compliance division for Verizon Online, as a senior consultant at Mail Abuse Prevention Systems (MAPS), and started his career as Director of Policy and Legal External Affairs for Southwestern Bell Global, now AT&T. In the ISP roles, Dayman investigated complaints of network abuse, managed discoveries and litigation, worked with the federal task force on e-crimes, and represented the company in relation to new federal and state legislation.
Dayman is a longstanding member of several boards and advisory committees within the messaging industry: he helped found and serves on the Board of Directors of the Messaging Anti-Abuse Working Group (MAAWG), and serves on the Coalition Against Unsolicited Commercial Email (CAUCE) board, the International Association of Privacy Professionals (IAPP) advisory boards, the Email Sender and Provider Coalition (ESPC) board, the Direct Marketing Association (DMA) Ethics committee and the Email Experience Council (EEC) MAC. He has also been appointed a Ponemon Institute Fellow. Dayman is actively involved in creating current Internet and digital communication regulations, privacy/security policies and anti-spam legislation for state and federal governments. He also sits on several advisory boards for Internet companies and is a partner, mentor, and frequent investor in start-ups and in Tech Wildcatters (http://techwildcatters.com/), a mentorship-driven microseed fund and startup accelerator in Dallas, Texas.
Dayman holds a B.A. in Criminal Justice from Stephen F. Austin State University in Texas.
Dennis Devlin is CISO, CPO and SVP of Privacy Practice for SAVANTURE, where he oversees information security and privacy strategy, as well as the professional services practice that SAVANTURE offers to its clients. He has over four decades of information technology and risk management leadership experience in both private industry and higher education. During his career Dennis has strategized and led both enterprise wide technology and business initiatives in information security, digital privacy, identity management, wide area networking, electronic messaging, disaster recovery and business continuity, emergency notification, and data center, server and network operations.
Prior to his current role at SAVANTURE Dennis served as Assistant Vice President of Information Security and Compliance Services at George Washington University, Chief Information Security Officer for Brandeis University, Vice President and Chief Security Officer for The Thomson Corporation (now Thomson-Reuters), a member of the senior IT leadership team at Harvard University, and began his career as a software developer, analyst, and IT manager in the pharmaceutical industry at American Hoechst Corporation (now Aventis).
Dennis is a graduate of the University of Pennsylvania and has completed extensive continuing education in IT management. He has lectured at the UCLA Anderson School of Management, Babson College Center for Information Management Studies, University of Massachusetts Strategic Information Technology Center, Center for Advancing Business through Information Technology at Arizona State University and Boston University Metropolitan College. Dennis is a frequent presenter at professional meetings and conferences including the RSA Security Conference, Qualys Security Conference, SC Magazine US Forum, MIS Training Institute, Gartner IT Security Summit, EDUCAUSE, NERCOMP, Institute for Computer Policy and Law at Cornell University, the CSO Magazine Security Confab, the APPNATION Conference, and the Privacy and Information Management Forum at The George Washington University.
Dennis has been featured in numerous articles on security and written for CSO Magazine, SC Magazine and Secure Business Quarterly. He was a contributing author to Security 2020: Reduce Security Risks This Decade. Dennis has served on CSO advisory boards for RSA Security, Qualys, Verdasys, GeoTrust, ChosenSecurity, LogMatrix and the CSO Editorial Advisory Board for SC Magazine. He is also a faculty member of the Institute for Applied Network Security (IANS) and a former adjunct faculty member in the Information Assurance program at the Rabb School of Continuing Professional Studies at Brandeis University.
Margaret P. (“Peggy”) Eisenhauer is the founder of Privacy & Information Management Services – Margaret P. Eisenhauer, P.C., an Atlanta, Georgia based law firm. She has extensive experience with U.S. and international privacy laws and industry best practices for managing consumer, customer and employee information.
Ms. Eisenhauer has been named one of the Top 25 American Privacy Law Consultants by COMPUTERWORLD in each of its biannual surveys (2006, 2008, and 2010). She is recognized by Chambers Global: Guide to Leading Business Lawyers in the area of privacy and data security.
In addition to a J.D. with honors from the University of Georgia School of Law (1989), she holds a Master of Science in Information & Computer Science from the Georgia Institute of Technology (1992). She is a member of the International Association of Privacy Professionals, a Certified Information Privacy Professional (CIPP/US), Chair Emeritus of the CIPP Advisory Board, a Fellow of the Ponemon Institute, and a member of the Nymity Advisory Council, the BNA Privacy Law Advisory Board, and the 501st Legion. She is the author of the case book, A Global Survey of Privacy & Security Enforcement Actions with Recommendations for Reducing Risk (International Association of Privacy Professionals, May 2008).
Steve Elefant is currently the Chief Strategy Officer at GoPago, which provides a cloud based Android tablet solution for Point of Sale to merchants around the country. Prior to GoPago, Steve was a Sr. Strategic Consultant at Google, focused on commerce, wallet and Point of Sale.
Steve joined Heartland Payment Systems in November 2008. He was a ‘non traditional’ CIO, also providing strategic focus for delivering the company's solutions, M&A, Business Development, Strategy and Mobile. Steve led Heartland's Software as a Service (SaaS) applications to its merchant base. In January 2009, he ran and developed Heartland's new end-to-end encryption team, focusing on developing point-of-sale products and executing Heartland's E3™ security platform, which encrypts cardholder data from the point of swipe/entry at a merchant location through the Heartland processing networks and to the card brands, after Heartland’s massive security breach exposing 100M cards.
Steve was the founder of several successful Silicon Valley startup and venture capital firms. He is co-founder and former chief executive officer of ICVerify, Inc., a leader in payments processing integration of PC-based POS software. The company merged with CyberCash, Inc., where he was Vice-Chairman, in 1998 to form an Internet and physical service provider for electronic payments software (which was ultimately sold to FirstData and is still in production today). After leaving CyberCash, Steve was involved in several other startups including a company called Price Radar in the online auction space (technology sold to eBay), a digital content management and micro payments company called Yaga (ultimately sold to Digital River) and then venture capital with Claremont Creek Ventures and Soaring Ventures for the five years before joining Heartland.
Steve has been an active member of the US Secret Service Electronic Crimes Task Force for more than six years, as well as the Federal Bureau of Investigation's Infragard Electronic Crimes Task Force for the past five years.
In his 'spare time' Steve is a passionate Multi Engine Instrument rated pilot, is a Special Deputy doing search and rescue flying for the San Francisco Sheriff's Department and is on the board of the USS Hornet, space, science and discovery museum. Steve holds a Bachelor of Arts, Political Science, University of California, Los Angeles (UCLA).
Todd Fitzgerald, CISSP, CISA, CISM, CRISC, CGEIT, PMP, ISO27000, CIPP, CIPP/US, ITILv3f
Todd Fitzgerald is the Global Director of Information Security for Grant Thornton International and is responsible for providing strategic information security leadership, promoting the establishment of global information security standards, solutions, and best practices for the sake of Grant Thornton member firms supporting 35,000 employees across more than 100 countries.
Todd authored the 2012 book, Information Security Governance Simplified: From the Boardroom to the Keyboard, and co-authored the 2008 ISC2 Leadership Series book entitled CISO Leadership: Essential Principles for Success, along with numerous other chapters for security publications, including the Official ISC2 Guide to the CISSP CBK. Fitzgerald has spoken frequently and chaired national/international conferences for RSA, ISACA, CSI, ISSA, MISTI, COSAC, HIMSS, HIPAACOW, WHIMA, CMS, ISE Programs, EVANTA and others. Todd was a 2005 Finalist for the ISE Programs Executive of the Year Award and has served as judge and Master of Ceremonies several times. Todd was ranked in the Top 50 Information Security executives in 2012 by Execrank.com.
He earned a MBA degree from Oklahoma State University, a BS degree from University of Wisconsin-LaCrosse (current advisor to the College of Business Administration) and has previously held senior information technology leadership positions with Fortune 500 organizations such as ManpowerGroup, WellPoint (National Government Services), AstraZeneca (Zeneca), Syngenta, IMS Health, American Airlines and Blue Cross Blue Shield United of Wisconsin.
Michael Fitzpatrick is the founder/CEO and President of NCX Group, Inc. Michael has over 30 years of information technology experience where he began addressing the technical needs and security concerns of businesses embracing the internet. Today, he leads a team of highly skilled engineers and professional consultants who are dedicated to providing security assessments that protect critical data and ensure a business environment remains operational.
Michael has extensive knowledge in the areas of privacy legislation and regulatory compliance that impact how a business operates. As a recognized leader in business risk management and mitigation, Michael was asked to advise Senator Dianne Feinstein’s office in the development of the NORPDA (Notification of Risk to Personal Data Act) legislation. He has also given advice and guidance to Senator Mary Bono's office in which she is a co-sponsor of H.R. 4127, the Data Accountability and Trust Act (DATA).
As an extension of his passion in data security, Michael hosts a weekly broadcast called The Watchdog Report, where information risk management, business continuity and regulatory compliance are main topics.
Michael is a respected, articulate presenter and has appeared as a featured speaker at caworld, OracleWorld, CCIA, Fox News and other national forums.
Patrick Florer has worked in information technology for 33 years. During 17 of those 33 years, he also worked a parallel track in medical outcomes research, analysis, and the creation of evidence-based guidelines for medical treatment. His IT roles have included operations, programming, database design, systems analysis, security, and risk analysis. From 1986 until now, he has worked as an independent consultant, helping customers with strategic development, analytics, risk analysis, and decision analysis. In 2011, he cofounded Risk Centric Security and currently serves as Chief Technology Officer. Risk Centric Security provides training and consulting services in the quantitative analysis of risk and market opportunity.
Mr. Florer received a B.A. in Classical Greek, with highest honors, from the University of Texas at Austin in 1972. He was elected to the scholastic honor society Phi Beta Kappa in 1971.
After his wife became a victim of identity theft, he helped her to found the Identity Theft Resource Center in 1999. Jay’s computer and investigative talents led him to specialize in cybercrime and criminal identity theft. However, he also shared his wife’s passion about all types of identity theft. In partnership with Linda, he has undertaken the fight to bring child identity theft to the forefront – believing that even one case of child identity theft is one too many. He has also been working with the California Office of Privacy Protection regarding identity theft and foster children. Jay is also nationally respected for all of his work in the field of identity theft and cybercrime. Along with his wife, Linda, he recently founded a new company that will focus on the major issues of this evolving crime, ID Theft Info Source.
Together they have been interviewed by hundreds of print, radio, and television media about various topics regarding identity theft. In 2004, they received the 2004 National Crime Victim’s Assistance Award presented by the US Attorney General. They have also received numerous commendations and awards for their work in the field of identity theft and victim’s rights, and have served on taskforces ranging from the California Department of Motor Vehicles to the US Attorney General’s task force on identity theft. In 2010, they were honored to accept the Congressional Victims’ Rights Caucus Suzanne McDaniel Public Awareness award on behalf of the ITRC and the Foleys' work in helping the public understand the issues of identity theft. The Foleys have served as subject matter experts for various state and federal legislative committees and testified in hearings across the country.
An identity theft survivor herself, Linda has spent the last 14 years studying the crime of identity theft. In 1999 she founded the Identity Theft Resource Center and began to work with victims trying to clear their names and restore their lives. In the early 2000s she began to receive more and more calls from parents whose minor children had become victims of identity theft and from young adults who discovered their identities had been stolen before they turned 18. Some perpetrators were family members, often parents, and others were unknown criminals. Linda has spent the last 14 years researching this particular crime as well as other identity theft crimes. She is nationally respected for the depth of her knowledge of identity crimes and has received numerous awards and commendations for her work. She is currently one of the principal partners of the ID Theft Info Source (www.IDTheftInfoSource.com).
Along with her husband and business partner, Jay Foley, she has been interviewed by hundreds of print, radio, and television media about various topics regarding identity theft. In 2004, they received the 2004 National Crime Victim’s Assistance Award presented by the US Attorney General. They have also received numerous commendations and awards for their work in the field of identity theft and victim’s rights, and have served on taskforces ranging from the California Department of Motor Vehicles to the US Attorney General’s task force on identity theft. In 2010, they were honored to accept the Congressional Victims’ Rights Caucus Suzanne McDaniel Public Awareness award on behalf of the ITRC and the Foleys' work in helping the public understand the issues of identity theft. The Foleys have served as subject matter experts for various state and federal legislative committees and testified in hearings across the country.
Mr. Fountain currently serves as senior vice president of Kratos Defense & Security Solutions, following Kratos’ acquisition of SecureInfo Corporation in November 2011. Prior to the Kratos acquisition, he was the president and chief executive officer of the company. SecureInfo is a leading provider of cybersecurity solutions to federal and commercial customers, including large cloud service providers. As senior vice president, Mr. Fountain provides direction to SecureInfo and is responsible for leading operations and strategy across the business. He is focused on expanding upon SecureInfo’s success by maintaining a customer-centric, results-oriented culture.
Mr. Fountain is recognized for his expertise and passion across a spectrum of cybersecurity issues and technologies. He has testified before Congress regarding pending cybersecurity legislation, appeared on radio shows to discuss cybersecurity risks and spoken publicly about securing cloud computing solutions. He leads SecureInfo customer strategies to effectively protect information assets used across the federal government and critical infrastructure industries.
Mr. Fountain has extensive experience leading and growing companies in the information technology industry. During his career, he has significantly grown shareholder value culminating in successful liquidity events. He is well versed in raising capital and leading merger and acquisition processes. His experience includes work with security, enterprise resource planning, supply chain, content management and infrastructure software and services companies, serving customers across many industries. He has held senior executive leadership and board positions over the past 18 years. Mr. Fountain has led global operations for companies headquartered in the United States and the United Kingdom, where he lived in 2004 and 2005.
Mr. Fountain also serves on the board of directors of Notable Solutions, Inc.
Mr. Fountain graduated cum laude from the University of Michigan with a B.S. degree in Industrial & Operations Engineering.
Steven F. Fox, CISSP is a Senior Security Architecture and Engineering Advisor with the U.S. Department of the Treasury. He advises multiple teams, offering security guidance on system architecture and engineering to ensure compliance with Federal standards and requirements. He also contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup, and the Security and Privacy workgroup. Mr. Fox brings a cross-disciplinary perspective to the practice of information security, combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He has performed security services including risk/vulnerability/penetration testing assessments, incident response planning, PCI DSS services, and social engineering.
Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. His speaking engagements include Hacker Halted, ISSA and ISACA events, SecureWorld Dallas/Detroit, Security B-Sides Chicago/Detroit/Vegas, and GrrCon. He also served on the Board of the ISSA Detroit chapter from 2008 through 2012.
Mr. Fox holds an MS in Business Information Technology from Walsh College, an NSA recognized Center of Excellence. He has a BS in Psychology from Eastern Michigan University where he studied industrial applications of behavioral theory. He is also Six Sigma Specialist certified.
Ms. Mari J. Frank, Esq. serves as an attorney-mediator on privacy and other civil matters, and provides testimony as a privacy expert witness for state and federal court cases and governmental hearings. She is the author of several books including the Identity Theft Survival Kit, Identity Theft Prevention and Survival; From Victim to Victor: A Step by Step Guide for Ending the Nightmare of Identity Theft; Safeguard Your Identity: Protect Yourself with a Personal Privacy Audit and the Complete Idiot’s Guide To Recovering From Identity Theft. Since 2005 Mari has hosted the radio show Privacy Piracy on 88.9 FM in Irvine, California. This award winning show (Privacy Innovation Award in 2005 and BE REAL BROADCASTING AWARD in 2011) airs on Monday mornings at 8:00 AM, streams on kuci.org and podcasts on iTunes (www.kuci.org/privacypiracy).
Ms. Frank consults with businesses and government agencies and provides professional training programs on privacy, conflict resolution, and identity theft issues. She is on the Board of the Privacy Rights Clearinghouse and had served for many years on the Advisory Board of California's Office of Privacy Protection, the Identity Theft Task Force of the L.A. County District Attorney, California's Department of Motor Vehicles Task Force on Privacy, and the Consumer Federation of America ID Task force on identity theft services. Ms. Frank has been an Orange County, California Sheriff's Reserve since 2000; she is a certified trainer for the State Bar of California and a law professor, and she teaches conflict management at the University of California, Irvine and Brandman University. In 2012 the Office of the Information and Privacy Commissioner of Ontario designated Mari a Privacy By Design Ambassador. She is a member of the International Association of Privacy Professionals, and serves as the Privacy Chair of the Executive Committee of the State Bar of California Law Practice Management and Technology Section. In August 2013, she was the editor of the State Bar of California Bottom Line Journal entitled “Privacy at Risk”.
Ms. Frank has testified many times on privacy and identity theft issues in the California legislature and in the US Congress. In May 1999, she was summoned to the White House to a press conference with President Clinton to speak on Consumer Privacy. Her speech was broadcast on C-SPAN TV. Mari’s 90 minute PBS Television special, “Identity Theft: Protecting Yourself in the Information Age,” aired nationwide. Two of her books and the DVD of the show were featured gifts for viewers who pledged support for local PBS stations across the country. Mari was honored in 2012 by Money Magazine as one of its “Money Heroes.”
Mari has appeared on dozens of national TV programs including Dateline, 48 Hours, the O'Reilly Factor, Investigative Reports, NBC and ABC Nightly News, CNN, Geraldo, CNBC, Montel, the Hugh Thompson Show, Lifetime, Crime Stoppers and many other shows. She has been interviewed on more than 300 radio shows and featured or quoted myriad times in major national newspapers and magazines including: US News and World Report, Your Money Magazine, Money, Parade Magazine, The New York Times, The Wall St. Journal, USA Today, PC Magazine, The Chicago Tribune, The Los Angeles Times, Good Housekeeping, The California Bar Journal, The American Bar Journal, The Washington Post, The New York Daily News, Modern Physician, The Philadelphia Inquirer, and many more national publications. Her many articles have been published in legal journals and numerous magazines.
D. Reed Freeman, Jr. CIPP
Mr. D. Reed Freeman, Esq. is a partner in the Washington, D.C. office of Morrison & Foerster. He focuses his practice on all aspects of consumer protection law, including online and offline privacy issues, data security and breach notification, online and offline advertising review and competitor challenges, and direct marketing. Prior to joining Morrison & Foerster, Mr. Freeman was a partner in Kelley Drye Collier Shannon's Advertising and Marketing Practice Group.
Mr. Freeman served as chief privacy officer and vice president for Legislative and Regulatory Affairs at Claria Corporation. He has also served as staff attorney in the Federal Trade Commission's Bureau of Consumer Protection. Mr. Freeman is a former appointed member of the Department of Homeland Security's Data Privacy and Integrity Advisory Committee and is an adjunct professor for advertising and privacy law at George Mason University School of Law. He is also an author and a frequent speaker on issues related to advertising and marketing law.
Daniel B. Garrie
Daniel Garrie is the current Managing Director of Alternative Resolution Center's (ARC) E-Discovery Dispute Resolution in Los Angeles and Senior Managing Partner at FSRDG LLC in New York. He regularly consults with attorneys and technologists on Electronic Discovery and Discovery Management issues related to litigation, commercial disputes, business claims, and enterprise information archiving implementation. Mr. Garrie is admitted to practice law in New York and New Jersey and is editor-in-chief of the Journal of Legal Technology Risk Management.
Mr. Garrie specializes in the synchronization of policies with information technologies and related best practices to ensure legal compliance for enterprises worldwide. Mr. Garrie counsels both domestic and international corporations in the domains of E-Discovery, data privacy, enterprise archiving, IT vendor selection, litigation risk management, and cost management. In addition, he leverages his legal and IT expertise to deliver enterprise application architecture, design, deployment, and integration of enterprise record and information management platforms.
Mr. Garrie has published more than 80 articles and books on E-Discovery, Cloud Computing, software, intellectual property, compliance, technology, legal, telecommunications, US and EU privacy policies, and a range of other E-Law issues. Recent publications include a three-part article on the risks and financial issues involved in Cloud Computing published in the Los Angeles Daily Journal, including, “Haste Makes Waste: Charging for Cloud Computing” (7/30/10), “Jurisdiction and Cloud Computing: How Does it Work?” (8/19/10), and “Do the Benefits of Being in the Cloud Outweigh the Risks?” (11/2/10).
Mr. Garrie is a seasoned Electronic Discovery Special Master, and was recently appointed to the E-Discovery Special Master Pilot Program for the U.S. District Court of Western Pennsylvania. He is a frequently sought after presenter at legal and technology seminars and has been invited to symposiums around the world, most recently the 2011 AIIM 360 Conference in Washington D.C., where he presented E-Discovery in the Cloud.
Stanton G. Gatewood
Stanton Gatewood is recognized worldwide as one of the leading experts on information security, strategic planning and electronic privacy. As the Chief Information Security & ePrivacy Officer for the Board of Regents of the University System of Georgia, Gatewood is the principal advisor to USG senior executives and security officers on matters related to cyberspace security and privacy issues. He balances his time between securing and protecting the 35 colleges and universities and more than 200 public libraries that comprise the University System of Georgia.
A much sought-after speaker and strategist, Gatewood is a tri-lingual author, teacher, and lecturer. Gatewood has traveled extensively transferring his knowledge of Information Security & ePrivacy in Latin America, Middle East, Africa, Asia, and Europe. He is a contributing writer and editor for security journals including Information Security Magazine, SecurityFocus, SC Magazine, Federal Times, Computerworld and CSO magazines.
Gatewood has had a long distinguished career in the military, state and federal government, higher education and corporate security spanning more than 33 years. During his distinguished career, Gatewood has built "highly successful" information security and privacy programs and two centers of excellence: one for cryptography and one for awareness, training and education. He has served as the former president of the founding chapter of the Information Systems Security Association (ISSA) in Los Angeles, Calif. and continues to serve on several industry boards. Most recently, Gatewood was named one of SC Magazine's IT security luminaries and one of the Top 5 influential IT security thinkers in the world.
Nikk Gilbert (CISSP, CISM) is Vice President of Corporate Security & Safety and CSO/CISO for CUNA Mutual Group, a diversified financial services firm with over 4,000 employees worldwide and $16.5 billion in assets.
Part business strategist, customer advocate and enterprise risk leader, Nikk is able to modernize global organizations by using executive management skills, deep business knowledge and technical credibility. Nikk's experience includes working as a CISO and CIO for the American Department of Defense, as well as being a CIO and CISO for NATO and the US Navy where he was awarded the Meritorious Civilian Service Medal.
Nikk is originally from the US and has lived in and been to numerous countries throughout the world. Nikk is a frequent speaker at technology events throughout the world. He has been featured in several articles and interviews, including in Network World, SANS, Baseline Magazine, Computer World, Computer Weekly, CIO Insight, SC Magazine and others.
Chief Executive Officer, DataGuidance
Lindsey Greig is the CEO of DataGuidance, the global data protection and privacy service that gives professionals the confidence to make the right decision about compliance; saving time, minimising costs and mitigating risks. DataGuidance is a division of Cecile Park Publishing Ltd, also home to sister publication Data Protection Law & Policy.
Lindsey has developed extensive experience in the data protection and privacy field, establishing both services and regularly speaking at national and international privacy conferences and webinars. He has demonstrated that he is an expert commentator on the role of data privacy in building brand value in global markets.
A former journalist turned entrepreneur, Lindsey founded and edited the Lawyer magazine, the weekly magazine for the UK legal profession.
Renee Guttmann is the Chief Information Security Officer at the Coca-Cola Company. Renee is responsible for the Information Risk Management program at The Coca-Cola Company. Previously, she was VP of Information Security and Privacy at Time Warner and Senior Director of Information Security at Time Inc. She has also held information security roles at Capital One, Glaxo Wellcome, Inc. and Gartner. Renee received the 2008 Compass Award from CSO Magazine and in 2007 was named a “Woman of Influence” by the Executive Women’s Forum.
Jean-Paul Hepp, Ph.D., CIPP
Dr. Jean-Paul Hepp is an accomplished business executive, strategist, and change agent. He has more than 24 years leadership experience working across multiple verticals in the highly regulated pharmaceutical industry.
Hepp engages global organizations with bold initiatives that transform the entire culture. At Pharmacia, he became the first in the industry to implement a corporate Internet strategy. His activities propelled Pharmacia to a leadership position. At Pharmacia, Hepp was again the first in the industry (along with Merck) to serve in the full-time Privacy Director/Corporate Privacy Officer position. He continued in this role with Pfizer after it acquired Pharmacia.
Priscilla Hill-Ardoin retired from her position as chief privacy officer of AT&T, Inc., in 2007 after a distinguished career with the corporation and several of its subsidiaries. Hill-Ardoin founded the organization responsible for ensuring AT&T has policies and procedures in place to maintain full compliance with state and federal regulatory requirements governing telecommunications. She served as associate vice president-corporate services, chairman of the board for the AT&T Foundation, and the company's director of diversity. She also held positions in strategic planning, marketing, and network operations.
A recognized leader in the communications industry, Hill-Ardoin supported the advancement of women and minorities in all areas of the business. In 2003, she was appointed by FCC Chairman Michael Powell to the Chairman's Advisory Commission on Diversity in Communications in the Digital Age.
Chris Jay Hoofnagle
Mr. Chris Jay Hoofnagle, Esq. is senior staff attorney with the Samuelson Law, Technology and Public Policy Clinic and senior fellow with the Berkeley Center for Law and Technology. His focus is consumer privacy law. Previously, he was senior counsel to the Electronic Privacy Information Center and director of the organization's West Coast office. He was also a non-residential fellow with Stanford University's Center for Internet and Society for the 2005 academic year.
Among his recent academic publications are Identity Theft: Making the Unknown Knowns Known, in the Harvard Journal on Law and Technology; Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors, Stanford University Press; A Model Regime of Privacy Protection, in the University of Illinois Law Review (with J. Solove); and Big Brother's Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement, in the North Carolina Journal of International Law & Commercial Regulation.
James M. (Jim) Jordan, JD, CIPM, CIPP
James M. (Jim) Jordan III is the Chief Privacy Officer of Fiserv, Inc. (NASDAQ: FISV), a leading global technology provider serving the financial services industry, driving innovation in payments, processing services, risk and compliance, customer and channel management, and business insights and optimization. Prior to joining Fiserv in 2007, Jim served for six years as an in-house lawyer for the General Electric Company, where he held the titles of Chief Privacy Leader and Senior Counsel for E-Commerce and Information Technology, was responsible for global privacy law compliance, and led the implementation of a pioneering Binding Corporate Rules program that has been formally approved by Data Protection Authorities in a number of EU member states as a basis for international transfers of employment data. Jim also has 11 years experience in private law practice, including five years with Alston & Bird, LLP, where his practice included intellectual property licensing and litigation, as well as e-commerce and privacy matters.
Jim earned both a B.S. in Physics and a J.D. (law degree) from the University of Georgia, and served for seven years as a U.S. Navy nuclear submarine officer. He was one of the first lawyers working on “internet law” matters in the early 1990s, and subsequently one of the first working on legal and policy matters relating to electronic commerce and privacy.
Jim is a member of the International Association of Privacy Professionals, an original member of the IAPP's Certified Information Privacy Professional (CIPP) Advisory Board (2003-2007), and has earned all five CIPP certifications and the Certified Information Privacy Manager (CIPM) certification.
Ondrej Krehel is the Chief Information Security Officer for Identity Theft 911, the nation’s premier identity theft and data breach management, resolution and education service. He has managed information security departments and launched digital forensic investigations across a wide swath of industry and government.
He managed and conducted a wide range of investigations, including computer intrusions, theft of intellectual property, massive deletions, defragmentation, file carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking.
He holds an M.S. degree in Mathematical Physics from Comenius University in Bratislava and an Engineering Diploma from Technical University in Zvolen, Slovakia.
An international conference speaker and educator, he’s presented at RSA, among other notable security summits, and is an adjunct professor at St. John’s University. His work has been featured by CNN, Reuters, The Wall Street Journal and The New York Times.
Before joining DHS, Kropf worked for 10 years as an international lawyer with the U.S. Department of State in the Office of the Legal Adviser. He also served two years with the American Embassy in Turkmenistan as country director for USAID. Kropf began his federal career as an attorney with the U.S. Department of Justice Honors Program. He earned his law degree and a master’s degree in public and international affairs from the University of Pittsburgh.
He is also a graduate of Denison University with a B.A. in Philosophy. John is a member of the bars of Pennsylvania and the District of Columbia. He is also a member of the International Association of Privacy Professionals (IAPP) and serves as a member of its Certification Advisory Board and has earned the CIPP/US and CIPP/G certificates. He is the author of the Guide to U.S. Government Practice on Global Sharing of Personal Information as well as numerous articles on global and strategic privacy issues.
Ryan is the Managing Director of the Cyber Lab, part of Accenture’s cross-industry research and development Technology Labs. During his 16 years with Accenture, he has worked with customers in Public Service, Retail, Financial Services, Utilities, Pharmaceuticals, Media & Entertainment, and Communications & High Tech to find emerging technology solutions to their business needs. As the lead for Accenture's Cyber Lab, Ryan’s current role focuses on research that brings together the areas of analytics, knowledge discovery, and cyber-security, with the goal of developing first-of-a-kind approaches to sharpening threat assessment methodologies and enhancing knowledge of successful responses.
He holds patents in human resource management, knowledge discovery and establishing trust between entities online. Ryan is a graduate of Princeton University, with a B.S. degree in Electrical Engineering.
Matt Leonard, CIPP
Mr. Matt Leonard is a privacy and strategic marketing executive. His more than 25 years of experience managing direct marketing operations along with his experience developing and implementing privacy and information strategies, policies, and practices in complex organizations gives him a unique perspective on the issues surrounding responsible information practices.
Leonard directed privacy and information policy at Harte-Hanks, a major end-to-end direct marketing service organization. He spent ten years at IBM in Direct Marketing, Customer Information, and Privacy. He is an industry-recognized expert in all aspects of marketing, from Database Analytics to Product Development.
Leonard brings a depth of experience in marketing as well as specific expertise regarding privacy practices in marketing oriented organizations. He speaks frequently to organizations about privacy and marketing. He is an advocate of effective privacy and information practices as a basic business requirement.
Former Global Managing Partner Security Practice, Accenture
Dr. Alastair MacWillson is the Global Managing Partner of Accenture’s global security practice, which comprises over 3,000 security and risk professionals, and works with business and government leaders around the world on critical issues relating to technology strategy and risk, operational performance and management, cyber and information security, and critical infrastructure protection. He also serves on the leadership council of Accenture’s global technology consulting business.
Prior to joining Accenture in 2002, Dr. MacWillson was the global leader of the technology consulting practice in PricewaterhouseCoopers. During his time with PwC he also had responsibility for the PwC technology venture fund, which had $50m invested in new business activities, and was also the founder and interim global CEO for beTRUSTed, a managed service e-security business of PwC. Having successfully established the beTRUSTed business, he handed over responsibilities to a full-time CEO in early 2002.
Dr. MacWillson was appointed as Chair of the Institute of Information Security Professionals in 2011, having previously been the Chair of the IISP Accreditation Committee for 5 years. In his role with the IISP, he aspires to help shape the security industry through greater awareness and recognition, and improving the standards of professionalism.
Over the past 22 years Dr. MacWillson has led technology transformation and security projects for major organizations such as World Bank, SWIFT, DTC, CBT, LSE, Boeing, Northrop Grumman, NASA, QinetiQ, BP, Shell, Barclays, Goldman Sachs, Bank of America, Ericsson, BT, as well as intelligence, security and defense departments of the UK, US, European, Australian and Indian Governments. He has advised clients on information and cyber security in the nuclear research and nuclear energy sector and has worked on projects for the UKAEA and Lawrence Livermore National Laboratory.
Dr. MacWillson has acted as an adviser to a number of governments on technology strategy, critical infrastructure protection, cyber security and counter terrorism and has sat on related committees for the US and UK governments, the European Commission and the United Nations.
Prior to moving into consultancy in 1990, Dr. MacWillson worked in government service and held senior advisory positions on security and risk related strategy with the UK Foreign Office and, through secondment, with the US State Department. During his government career, Dr. MacWillson completed tours of duty in the Middle East, Moscow and Washington DC as well as working for shorter periods in a variety of other countries.
With over 22 years of experience in information technology, security and applied cryptography, Dr. MacWillson is internationally recognised as an expert in the field. As such, he is a frequent speaker and commentator on technology and security issues and his insights have been featured by some of the top media outlets such as the BBC, CNN, The Wall Street Journal and the Financial Times. He is also a visiting lecturer on security and technology and has presented on many programmes with MIT, Georgetown, RHUL, Stanford, Surrey universities and the LBS. During his career Dr. MacWillson has published many articles and papers on technology and risk and has authored journals on cyber and information security, risk, cryptography and cyber terrorism, as well as a widely selling textbook on Hostage Taking Terrorism (McMillan 1992).
Dr. MacWillson has a B.Sc. in Physics, Postgraduate Diplomas in Computer Science and Digital Imaging, a Ph.D. in Theoretical Physics, a D.Phil. in Cryptographic Science and a Management Diploma from IMD in Lausanne.
Gail Magnuson is a bright and innovative Global Security, Privacy and Information Policy Executive and Consultant with over fifteen years of experience in creating and delivering effective and streamlined policy solutions and programs that achieve business goals as well as regulatory compliance. Gail is known for expeditiously implementing policies and programs that bring global teams together, drive consensus, creatively meet the needs and stand the test of time.
She is also known for establishing ongoing compliance and governance disciplines. She has done this effectively as an international chief privacy officer, security and privacy consultant, security and privacy portfolio manager, information management and process design executive and business ethics global eLearning leader.
She is recognized as a global expert in the security and privacy communities and in the financial services, business services, telecommunications, government, and health care communities. She serves in leadership roles in research and global matters through active participation in leading associations such as:
- Nymity, as author of Nymity’s Risks & Controls modules and strategic white papers. Built Nymity’s global research contributor program to over 350 contributors
- Member of OASIS PMRM (Privacy Management Reference Model and Methodology) Technical Committee, its goal to advance open standards for privacy in the information community
- Regular attendee at National, Regional and International Conferences for Privacy Commissioners and professionals
- Executive Research Fellow at Zeropoint Risk Research, LLC
- Center for Information Policy Leadership (CIPL) at Hunton & Williams and IAPP
- Responsible Information Management group at the Ponemon Institute and Ponemon Distinguished Fellow
- BITS at the Financial Services Round Table and the Santa Fe Group’s Shared Assessments
Gail has spent her fifteen-year data protection career at Bank of America, IBM, Fiderus, EDS, Manpower and Gail Magnuson, LLC.
Her background also includes more than 30 years of facilitating organizational change in information, business processes, systems and operations innovations, strategic planning and systems architecture, primarily in the finance industry, working directly with both established and entrepreneurial companies.
Mr. Mattice is President and founder of the National Economic Security Grid (NESG). The NESG is a non-partisan grassroots-based non-profit initiative that is a resource to metropolitan area public and private sector entities and is dedicated to educating public and private sector enterprises relative to the broad range of risks, threats and hazards they face.
He is also Managing Director of Mattice & Associates, a management consulting firm specializing in conducting enterprise risk assessments, implementing IP and brand protection measures and establishing broad-based risk intelligence programs. Mr. Mattice has a strong track record as a senior executive for three major U.S. based global corporations (Northrop Corporation, Whirlpool Corporation and Boston Scientific) and one mid-cap company (Wescom, Inc.) in dramatically different business sectors. His experience base traverses the defense & intelligence, electronics, life sciences, consumer products and service industries.
Mr. Mattice has been certified as an Expert Witness at both the Federal and State Court levels. He is also board certified in the disciplines of risk and information system controls. Mr. Mattice is a past Chairman of the Board of Directors for the National Intellectual Property Law Institute (NIPLI) in Washington, D.C., where he remains Chairman Emeritus and counselor to the President of the Institute. Mr. Mattice also served as an industry advisor to the U.S. Intelligence Community’s National Counterintelligence Center and as a member of the U.S. State Department’s Overseas Security Advisory Council.
He was one of eleven industry representatives appointed to a joint government and industry task force established by Presidential Directive under President George H.W. Bush’s administration, focused on developing a new National Industrial Security Program (NISP) to replace the myriad of duplicative government security regulations. Mr. Mattice was recognized for his efforts as one of the principal architects of the NISP by way of a special joint commendation signed by the three Cabinet Officials who led the Presidential Task Force - Secretary Cheney of Defense, Director Kerr of Central Intelligence and Secretary Watkins of Energy.
Mr. Mattice was selected by Security Magazine as one of the “Most Influential People in Security for 2009”. He was designated in 2007 by Security Technology & Design magazine as one of the “Top 10 Movers and Shakers” in the Security Industry. He also was honored by CSO Magazine when they presented him with their 2007 Compass Award for his visionary leadership in the security field. He is a charter member of the Board of Directors for the International NGO Safety and Security Association, and was elected to three terms on the Board of Directors for the International Security Management Association (ISMA). Mr. Mattice also co-chairs the newly established Private Sector Liaison Committee within the Major County Sheriff’s Association.
Mr. Mattice was awarded a Senior Fellowship in 2010 at George Washington University’s Homeland Security Policy Institute. He also participates on HSPI’s Counterterrorism and Intelligence Task Force. He served on the Advisory Board for the Graduate and Undergraduate level Leadership and Management Program in Security (LaMPS) at Michigan State University in East Lansing, Michigan. His education in business disciplines has been enhanced through executive development programs from The Center for Creative Leadership, University of Michigan’s School of Business, Harvard Business School and Harvard’s John F. Kennedy School of Government. The focus of his undergraduate work at California State University – Long Beach was in Security Administration.
Thornton A. May
Mr. Thornton May is one of the premier communicators in the information technology industry. He combines a scholar's passion for empirical research, an entrepreneur's capacity for opportunity identification, and a stand-up comic's gift for storytelling in working with executives to figure out what comes after what comes next.
May is responsible for sculpting executive education information technology curricula at four major business schools: UCLA, UC-Berkeley, Arizona State, and Ohio State. He designed and delivered the information technology portion of the curriculum at the University of Amsterdam's Controller's Institute (special program for multinational chief financial officers). May co-founded the Director's Institute, a program to improve board level technology decision-making.
May's insights have appeared in the Harvard Business Review, the Financial Times, and the Wall Street Journal, among other publications. He also debated the future practice of strategy on National Public Radio.
Joanne McNabb, CIPP/G
Ms. Joanne McNabb is chief of the California Office of Privacy Protection. The organization is a resource and advocate on identity theft and other privacy issues. In addition to providing information and education for consumers, it publishes privacy practice recommendations for business and organizations.
McNabb is co-chair of the International Association of Privacy Professionals' Government Working Group. She also serves on the Privacy Advisory Committee of the Department of Homeland Security. She is a frequent speaker at privacy conferences and seminars.
McNabb has more than 20 years experience in public affairs and marketing in both the public and private sectors, including five years with an international marketing company in France. Her marketing background contributes to her understanding of the commercial uses of personal information that have become a significant privacy concern.
Mr. Peter Milla is a noted expert and consultant to the global research industry. Peter has more than 25 years of experience in a wide range of information technology, market/survey research and data privacy and security activities, applying expertise in information technology and market/survey research methods. He has extensive experience with all computer assisted survey information collection technologies, specializing in Internet-based market/survey research.
Prior to becoming a consultant, Peter was Chief Information Officer and Chief Privacy Officer at Survey Sampling International and Harris Interactive.
Peter is very active in market/survey research industry associations, having served on the Board of Directors of CASRO. He currently holds leadership roles in several industry workgroups and committees in the areas of technology, government affairs, ISO (quality standards) and Internet research.
Stuart Noad is Director of Marketing (Northern Europe) for Appsense, the global leader in User Virtualisation. Previously Mr. Noad served as Marketing Director, and as a member of the operational board, for HP Information Security, successfully overseeing its brand transition from Vistorm.
During this time, and with Ponemon Institute, Mr. Noad has delivered many new security initiatives including the Security Effectiveness Rating and the Cyber Security Benchmark. He is a Chartered Marketer with more than 12 years experience across a wide range of leading security, software and IT services businesses.
Stanley R. Norman, P.Eng. is the Founder and President of ACK Enterprises – Security Solutions. He is also the President of the FBI’s North Texas InfraGard.
Previous experience includes: Multiple Research and Development executive positions with extensive experience (designer and management) in global product developments from Concept to Market Deployment. Over 30 years of R&D experience in the high tech Critical Infrastructure areas of Communications and Information Technology with a heavy emphasis on utilizing the latest advanced technologies along with Security and Intelligence Analysis. Global R&D product responsibilities included Hardware/Software/System Design, Strategic Planning, R&D Effectiveness, Competitive Analysis, Multi-Site Product Development and Introduction to Market, Network Security, Internet and Intranet Security. Additional focus was provided in the areas of Anatomy of Database Attacks, Protection from Insider Threats, Using Data Analytics in Fraud Investigations and Service Organizations Control.
Currently managing and operating a company that specializes in leveraging leading edge technologies for Security Solutions in the following areas: Internet, Cyber Technologies, Perimeter Security, Surveillance Systems, Intrusion Detection, Monitoring, Electronic Access Control, Private Investigations, Digital Forensics, Cybercrime and Intelligence Analysis.
The following is a list of current security affiliations: North Texas Crime Commission (NTCC), Vice Chair of the NTCC Cyber Crime Research Group, Vice Chair of the NTCC Cybercrime Committee, NTCC Health Care Fraud Committee, FBI Health Care Fraud Working Group, United States Secret Service Electronic Crimes Task Force, United States Coast Guard (Aux)- Eighth Coast Guard District, Fusion Liaison Officer - North Central Texas Fusion Center for intelligence gathering, Department of Homeland Security Cyber forums, FBI Cyber Squad.
Also graduated from the following citizen academies: FBI Academy, District Attorney’s Prosecutor Academy, Dallas County Sheriff’s Academy, Collin County Sheriff’s Academy, Plano Police Academy. Two other academies are being pursued – Texas Department of Public Safety (DPS) and Dallas/Fort Worth International (DFW) Airport Police Department.
Background also includes: Licensed Professional Engineer, Senior member of the Institute of Electrical and Electronic Engineers, Past mentor at the University of Texas for the MBA program, Past Vice president of the TL-9000 Special Interest Group, Member of the Association of Professional Engineers, Licensed Private Investigator specializing in Digital Forensics and Cybercrime, Holder of four United States Patents.
Stuart L. Pardau
Stuart L. Pardau is an attorney, corporate executive, and scholar with expertise in data security and privacy, which is complemented by his experience in the intellectual property and corporate law areas. Currently, Stuart is an Assistant Professor (tenure-track) at the College of Business and Economics at California State University Northridge and is also a member of the Leadership Council at the Rand Corporation in Santa Monica.
In addition to his academic pursuits, Stuart has his own private law and consulting practice, The Law Offices of Stuart L. Pardau Associates, where he advises clients on intellectual property, data security/privacy, and corporate law issues. Prior to that, Stuart was, for close to 10 years, the Chief Legal Counsel at the leading market research firm J.D. Power and Associates, where he became a thought leader in technology, data security and privacy issues concerning the market research industry, including through his work as a member of the Council on American Survey Research ("CASRO") Legislative Affairs Committee.
A former Managing Director and Regional Counsel of FedEx Corporation, based in Tokyo, Japan, Stuart also has over 10 years of experience living and working in East Asia, with particular expertise in Japan, China and the Republic of Korea. Stuart is conversational in Japanese and has a J.D. from Stanford Law School and a Master's degree from Cambridge University in the U.K.
Deborah C. Peel, M.D.
Deborah C. Peel, MD is the leading national and international advocate for restoring patients' rights to control the use of sensitive personal health information in electronic systems. She also has practiced as a physician and psychoanalyst for over thirty-five years.
She was named one of the "100 Most Influential in Healthcare" in the US by ModernHealthcare magazine four times since 2007, the first privacy expert and consumer advocate on the list.
She learned about the lack of health privacy from her patients. Many feared seeking treatment unless their records were private. They had lost jobs or reputations using health insurance to pay for care. They realized physicians disclose medical records to get insurance payments, and insurers share health information with employers, so they offered cash for privacy.
In 2004, she formed Patient Privacy Rights (PPR), www.patientprivacyrights.org, which has become the world's leading consumer health privacy advocacy organization. PPR has over 12,000 members in all 50 states.
In 2006, Dr. Peel founded the bipartisan Coalition for Patient Privacy, representing 10.3 million Americans. The Coalition is responsible for the historic privacy protections in the stimulus bill: a ban on sales of PHI, audit trails, segmentation, breach notice, the right to prevent disclosure of PHI for payment and HCO if payment is out-of-pocket, and encryption. Microsoft joined the Coalition in 2007.
In 2011 PPR and the University of Texas LBJ School of Public Affairs created the 1st International Summit on the Future of Health Privacy. The summits are the only place where both threats to health privacy and solutions are thoughtfully debated by national and international experts from advocacy, academia, government, and industry.
In 2012, PPR expanded the summit and partnered with the O'Neill Institute at Georgetown Law Center, the University of Cambridge Computer lab, the Harvard Data Privacy Lab, and The University of Texas School of Information. Sponsors included Microsoft, FairWarning, Jericho Systems, Accenture, Dell, CA Technologies, PwC, IDExperts, e-MDs, Meditology, and TATRC. See: http://www.healthprivacysummit.org.
Dr. Peel was the First Tocker Fellow at the University of Texas School of Information. See: http://www.ischool.utexas.edu/about/news/view_news_item.php?ID=363
Dr. Christopher Pierson serves as the EVP, Chief Security Officer and Chief Compliance Officer for LSQ Holdings and a separate start-up payment company. In this role, he is responsible for corporate security and compliance risks including all cybersecurity, fraud, intelligence, audit and its compliance, regulatory, anti-money laundering, information assurance, and privacy programs. He chairs the corporate-wide Executive Risk Management Committee focusing on governance and strategic risks.
Dr. Pierson also serves as an appointed member for the Department of Homeland Security Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee providing advice and guidance to the Secretary and Chief Privacy Officer on policy, operational, strategy, and technological issues affecting our country’s national security interests.
Previously, Chris was the SVP and first Chief Privacy Officer for the Royal Bank of Scotland's U.S. banking operations, leading its privacy and data protection program. Chris was responsible for the global roll-out of privacy as a functional business unit and led RBS on the largest revitalization of its information technology, cybersecurity controls, regulatory framework, and operational efficiency.
Chris also served as a corporate attorney for Lewis and Roca where he established its Cybersecurity Practice and advised on information security, data breaches, privacy, intellectual property, and cyber law matters for Fortune 500 companies across all business sectors. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.) and speaks at national events and is frequently quoted on cybersecurity.
Nils is a Co-Founder and member of the Board of the Cloud Security Alliance, a community of over 50,000 security professionals in over 50 chapters worldwide with the goal to promote the use of best practices for providing security assurance within Cloud Computing. The Alliance also educates on the uses of Cloud Computing to help secure all other forms of computing.
Nils Puhlmann was the Chief Security Officer of Zynga and led the converged security department, managing all security risks for the company and chairing the Security Risk Committee. He oversaw the company’s security domains of product & application security, security engineering & architecture, investigations & incident response, security intelligence & threat assessments, physical security, executive protection, ecrime and security compliance & audit.
Before joining Zynga, he served as Chief Security Officer of Qualys, where he was responsible for security, risk management and business continuity planning. His responsibilities included the security of the cloud-based QualysGuard SaaS platform. He also led the Qualys CSO Advisory Board and evangelized at various international industry events in areas of security management and cloud security.
Prior to Qualys, Puhlmann was the Chief Information Security Officer for Electronic Arts, with global responsibility for information security, intellectual property protection, risk management, compliance, physical security, forensics & investigations and business continuity management/disaster recovery. He was also previously the Chief Information Security Officer at Robert Half International, where he had global responsibility for managing information security, risk management, privacy, forensics & investigations, CERT and Business Continuity Management enterprise wide.
Prior to that, he was Director Global IT & Security and Chief Privacy Officer at Mindjet Corp, where he managed Mindjet's global information security, physical security and privacy programs. He was also a Senior Manager of Product Security at Adobe Systems, responsible for creating and managing Adobe's product vulnerability program, overseeing security assessments of Adobe applications, driving product security certifications, and promoting secure development practices. He created Adobe's product security incident response team, chaired Adobe's Security Task Force and managed Adobe's first Common Criteria Certification.
Puhlmann also held senior positions at Nortel Networks and START Amadeus, and was an independent security consultant with clients such as the State of California and other foreign States. He maintains numerous security certifications, including CISSP-ISSMP and CISM. He has held Board of Directors positions in the past (ISACA Silicon Valley) and is currently a Director on the Board of the Cloud Security Alliance, a Director on the International Board of Directors of ISSA, a Board member of OVAL (Open Vulnerability and Assessment Language), an Advisory Board member for several Security Companies and has been called as a subject matter expert by ISACA and ISC2. He was also a member of the Advisory Council for the CISO Forum of ISSA.
In 2012, Puhlmann was a finalist for the “CSO of the Year” award by SC Magazine. Puhlmann was invited in 2009 by the Dept. of Defense and the Executive Office of the President to speak at the National Cyber Leap Year Summit in Washington, DC, and is a frequent speaker and keynote presenter at global security and technology conferences. He is considered a visionary in the field of converged security risk management and information security and his advice is frequently sought after by corporations and government entities.
Richard Purcell has been a leading voice in addressing consumer privacy and data protection challenges since the late '90s. He leads Corporate Privacy Group (CPG), an independent consulting firm focusing on establishing sustainable and effective information security and privacy programs. CPG supports multi-national corporations, Internet start-ups and government agencies in planning, developing, and implementing enterprise-wide programs designed to respect and protect personal information. Utilizing its proprietary management model, 3PT™, CPG works from a basis of assuring that the right people develop and communicate the right policies supported by the right processes and technologies. CPG also offers award-winning Web-based education and training courseware for security and privacy awareness, knowledge and skills development.
As Microsoft’s original privacy officer, Richard designed, developed, implemented and oversaw one of the world’s largest and most advanced privacy programs spanning Internet properties, software products, end-user support and information systems. In 2002, Microsoft’s Trustworthy Computing initiative included the global privacy program as a key enterprise pillar. Throughout this period, Richard worked closely with regulators and legislators in the United States, Canada, Europe and Australia to create global accountability and compliance standards and maintains those relationships today.
Recently, Richard also served as Chairman of the Data Privacy and Integrity Advisory Committee to the Department of Homeland Security and as the Executive Director of the non-profit research agency, the Privacy Projects. Previously, he served on the Federal Trade Commission’s Online Access & Security Advisory Committee and as Chairman of TRUSTe, the pioneering online privacy certification agency. He sits on several corporate advisory boards and regularly addresses issues of information privacy and data protection domestically and globally.
Dr. James Ransome, CISSP, CISM, is the Senior Director of Product Security and responsible for all aspects of McAfee’s Product Security Program to include the Product Security Incident Response Team (PSIRT), a corporate-wide initiative that supports the delivery of secure software products to customers. He is a recognized security practitioner, author, and speaker with a current focus on software security. His career is marked by leadership positions in the private and public industries, having served in three chief information security officer (CISO) and four chief security officer (CSO) roles at Applied Materials, Autodesk, Qwest Communications, Pilot Network Services, Exodus Communications, Exodus Communications - Cable and Wireless Company, and Cisco. Ransome was also the vice president of Integrated Security at CH2M HILL and senior vice president of Commercial Managed and Professional Security Services at SecureInfo Inc. While at Exodus Communications and Cable and Wireless, he managed Internet and physical security for hundreds of thousands of users within the world's largest commercial hosting environment, serving more than 4,500 customers from 42 data centers.
Ransome has 23 years of government service, which includes ten years as a computer scientist and geospatial imagery intelligence analyst, weapons of mass destruction threat credibility assessment analyst and senior NEST key leader for DOE/Lawrence Livermore National Laboratory, three years as US Special Agent for the Naval Criminal Investigative Service (NCIS), and is a retired Naval Intelligence Officer (Commander) and former U.S. Marine Corps Weapons Platoon Sergeant and Intelligence Specialist with twenty-three years combined active and reserve service.
He holds a Ph.D. in Information Systems and developed/tested a security model, architecture, and provided leading practices for converged wired-wireless network security for his doctoral dissertation as part of an NSA/DHS Center of Academic Excellence in Information Assurance Education program. He is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow.
Ransome recently authored his 10th information security book “Core Software Security: Security at the Source.” He also developed the initial wireless, network architecture, SCADA, Cryptography, and VoIP security leading practices for the Federal Communications Commission Network Reliability and Interoperability Council Focus Group on Cybersecurity – Homeland Defense.
Steve Ransom-Jones has worked in the field of information security for over twenty-five years where he has developed a passion for adapting methodologies to assess and solve unstructured problems. He is currently responsible for establishing and managing the IT security and privacy function for Hollister Incorporated, a medical device manufacturer.
He started his information security career working for the UK Government Communications Headquarters and has been heavily involved in deploying secure solutions globally using some of the practices that emerged from Europe in the 80's and 90's, including ITSEC and BS7799. Mr. Ransom-Jones moved to the US in 1998 to join IBM as a security consultant where he contributed to developing the practice's privacy methodology and performed or managed engagements on behalf of a wide variety of clients. He also experienced the thrills and issues of security and compliance challenges in outsourcing environments as he managed the delivery of security services for several of IBM's Fortune 100 outsource customers.
In his own time he enjoys “applied risk management” as an aviator by constructing and acting as a test pilot for experimental aircraft. He has designed and developed his own avionics hardware, software and firmware. He finds this a relaxing blend of practical construction, design and sound decision making activities.
John C. Reece
John C. Reece is chairman and CEO of John C. Reece & Associates, LLC, the firm he founded to provide personal leadership assistance to corporate and government executives in resolving issues having high impact on their enterprises' value creation performance. The firm has assisted private and public sector clients for nearly 15 years and enjoys a strong mix of new and repeat relationships.
His entire 50+ year professional career has been devoted to applying leading-edge computing, networking, security and privacy technologies to transform businesses: how they earn and add value, serve their stakeholders and win competitively. He has brought thought leadership and success in all of these endeavors across four ascending career stages: manager/practitioner, professional management consultant, corporate CIO and ultimately, as CEO and entrepreneur.
Earlier, Reece served as Deputy Commissioner for Modernization and chief information officer at the IRS. He was also vice president of Information Technology at Time Warner Inc., functioning as that company's first CIO. Before moving to Time Warner, Reece created the enterprise CIO role at Alexander and global insurance broker, Alexander Services, Inc.
He was managing partner of Booz, Allen & Hamilton’s IT practice in the Midwest for over a decade and EVP and managing partner of Strategic Planning Associates’ (SPA) IT strategy team until it was sold to Marsh & McLennan. He began his career as a practicing IT professional at IBM, Union Carbide and American Express Card Division. He currently serves on 3M Corporation’s Visual Privacy Security Advisory Board and has been a Ponemon Fellow since that program’s inception. He is a Northwestern University graduate.
Steve Riley is an evangelist and strategist for cloud computing at Amazon Web Services, working to help organizations understand how to integrate their environments with the cloud to extend reach, increase utilization, and respond to rapid business changes. His work includes helping organizations understand and address security, privacy, and compliance concerns that arise when information processing and storage occurs in multi-tenant and shared environments. Previously he worked in the Trustworthy Computing Group at Microsoft where he helped thousands of customers improve their security awareness, raise their technical abilities, and strengthen their security strategies. He was a member of the team that established Microsoft's highly successful Chief Security Officer Council program, which provided a forum for CSOs to directly influence product direction and development.
Steve's specialties include network and host security, compliance, reliability, privacy, and policy. Steve has spoken at hundreds of events around the world, including RSA, SANS, Black Hat Windows, InfoSec US, (ISC)2, IANS, TechEd, and Connections. He co-authored a book about Windows network security and has published numerous articles. Born with an Ethernet cable attached to his belly button, Steve grew up in networking and telecommunications. Besides lurking in the Internet's dark alleys and secret passages, he enjoys freely sharing his opinions about the intersection of technology and culture. He writes at http://stvrly.wordpress.com, tweets as @steveriley, and emails from firstname.lastname@example.org.
Greg Schaffer is the Assistant Secretary for Cybersecurity and Communication for the United States Department of Homeland Security. Formerly, Mr. Schaffer was the Chief Information Security Officer, Chief Security Officer and ultimately Chief Risk Officer for ALLTEL Communications, LLC., responsible for enterprise wide security and privacy strategy and policy development, implementation and execution as well as regulatory oversight and compliance process improvement.
Mr. Schaffer joined ALLTEL after serving as a Director in PricewaterhouseCoopers, LLP Cybercrime Prevention and Response (CPR) Practice for four years where he was responsible for managing a wide range of computer security, forensic, investigative and litigation support electronic discovery related projects for PwC clients. Prior to joining PwC Mr. Schaffer was a computer crime prosecutor at the United States Department of Justice Computer Crime and Intellectual Property Section. At the Justice Department Mr. Schaffer was responsible for day-to-day management of domestic and international investigations involving various crimes including computer hacking, illegal wiretaps and economic espionage.
Prior to joining DOJ Mr. Schaffer was a partner with the law firm of Manatt, Phelps & Phillips specializing in civil litigation related to computer technology issues. From 2001 to 2004, Mr. Schaffer also served as an adjunct professor at Georgetown University teaching a course on information security for international business.
An expert in big data, social business intelligence, information security and digital privacy, Vincent’s extensive expertise spans a wide array of industries as a pioneer of landmark innovations and disruptive technologies. Currently he is Co-Founder and CEO of ListenLogic (ListenLogic.com), the industry’s leading provider of advanced social intelligence and social threat protection to the world's enterprises. ListenLogic features the industry's largest and most advanced social business command center, able to process over one billion operations per second.
Vince is the author of Social Business Intelligence: Reducing Risk, Building Brands and Driving Growth with Social Media (2013) and Avoiding #FAIL: Mitigating Risk, Managing Threats and Protecting The Corporation in the Age of Social Media (2013).
Previously he was Co-Founder and Chief Strategy Officer of TurnTide (acquired by Symantec), Co-Founder, Chief Executive Officer of ePrivacy Group, Founder and Partner of InfoSec Labs (acquired by SafeNet) and Co-Founder and Chief Executive Officer of 4Anything.com.
Howard A. Schmidt
Mr. Howard A. Schmidt is president and CEO of R & H Security Consulting, LLC.
He served as vice president and chief information security officer and chief security strategist for eBay. Most recently, Schmidt was chief security strategist for the U.S. CERT Partners Program for the National Cyber Security Division in the Department of Homeland Security.
He retired from the White House after 31 years of public service in local and federal governments, including the Air Force Office of Special Investigations and the FBI National Drug Intelligence Center. He was appointed by President Bush as the vice chair (later becoming chair) of the President's Critical Infrastructure Protection Board and as the special adviser for Cyberspace Security for the White House. Prior to the White House, Schmidt was chief security officer for Microsoft.
Schmidt is the international president of the Information Systems Security Association and was the first president of the Information Technology Information Sharing and Analysis Center. Schmidt has been appointed to the Information Security Privacy Advisory Board to advise the National Institute of Standards and Technology, the secretary of Commerce and the director of the Office of Management and Budget on information security and privacy issues.
Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He coined the term "Electronic Pearl Harbor" while testifying before Congress in 1991. Winn Schwartau thinks asymmetrically and has been “Security” for 30 years. If you want originality in thought, writing, presentations or any aspect of Security, call Winn. In addition to being called “The Civilian Architect of Information Warfare,” he is one of the country's most sought after experts on information security, infrastructure protection and electronic privacy.
Provocative, informed, challenging, he's on the leading edge of thinking, writing and speaking. Highly technical security subjects are made understandable, entertaining, engaging and thought-provoking. Audiences find themselves challenged with original ideas which are related through historical analogy and metaphor and made relevant to the present and future world.
He was named one of the Top-20 security industry pioneers by SC Magazine, one of the Top 25 Most Influential People for 2008 by Security Magazine, one of the Top 5 Security Thinkers for 2007 by SC Magazine and, in 2002, was honored as a “Power Thinker” and one of the 50 most powerful people by Network World.
A prolific writer, his seminal works on Information Warfare in the late 80s and 90s defined cyber conflict. His novel, Pearl Harbor Dot Com, begat Die Hard IV and more than 3,000 articles and speeches later, Winn is still the ‘go to guy’ when people want straight shooting, no-BS originality, interpretation and prognostication. His predictions began in 1988 and have been alarmingly accurate. “I would rather people listened and acted than be right.”
Eddie Schwartz is Vice President and Chief Information Security Officer (CISO) for RSA and has over 25 years experience in the information security field. Previously, he was Co-Founder and CSO of NetWitness (acquired by EMC), CTO of ManTech, EVP and General Manager of Global Integrity (acquired by INS), SVP of Operations of Guardent (acquired by VeriSign), CISO of Nationwide Insurance, a Senior Computer Scientist at CSC, and a Foreign Service Officer with the U.S. Dept. of State.
Mr. Schwartz has advised a number of early stage security companies, and has led numerous industry committees and working groups. He is a recipient of the 2013 Computerworld Premier 100 IT Leaders Award. Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.
Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences such as RSA and Infosec and delivers monthly eSeminars. He also tutors undergraduate students in Information Security projects at the Technion, Israel's leading academic institute.
The press draws on Mr. Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM and Microsoft.
Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation.
Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has a B.Sc. and a Master's degree in Computer Science from the Technion, Israel Institute of Technology.
Al Silipigni leads the privacy function at HSBC, one of the largest banking and financial services organizations in the world. Mr. Silipigni leads the strategic direction for privacy risk consistent with HSBC’s corporate objectives and risk appetite, promoting a strong culture and commitment to customer and employee privacy. Mr. Silipigni believes that privacy is both a regulatory and operational risk and, when done right, is a driver of innovation, best in class economics and customer loyalty. Furthermore, it is the consistent execution of core privacy principles that drives trust with regulators, employees and customers, a goal for any Privacy Practitioner.
Prior to HSBC, Mr. Silipigni held positions of increasing responsibility at the American Express Company culminating as Chief Privacy Officer. Consumer research named American Express “the most trusted company for customer privacy” during his tenure.
Prior to American Express, Mr. Silipigni was vice president strategic marketing at JPMorganChase with a focus on introducing new products and services. He was Senior Engagement Leader at Cap Gemini/Ernst & Young where his focus was on embedding emerging technology into the core business practices of established companies. As vice president/client partner for interactive digital marketing within the Omnicom Group – his focus was on translating offline brands into the online space.
Mr. Silipigni is a long term member of the Responsible Information Management Council of the Ponemon Institute. Mr. Silipigni is a founding member of The Future of Privacy Forum Advisory Board (FPF). FPF is a Washington, DC based think tank seeking to advance responsible data practices. Mr. Silipigni sits on the Education Advisory Board of the IAPP and was elected to chair the 2013 IAPP Practical Privacy Series for Financial Services in NYC. Mr. Silipigni is an elected member of the Regulatory Steering Committee of BITS of the Financial Services Roundtable.
In 2013, Mr. Silipigni was recognized as a Privacy by Design (PbD) Ambassador for his commitment and advocacy for the protection of personal information.
Mr. Silipigni recently published his first book, “Practitioner’s Guide to Financial Institution Privacy,” on operationalizing privacy. Published by Thomson Reuters, the book is co-authored by Mr. Andrew Serwin of Morrison and Foerster.
Mr. Silipigni is a Certified Information Privacy Professional with the IAPP. He has an MBA from the NYU Stern School of Business and a BS from Lehigh University.
Daniel Solove is the John Marshall Harlan Research Professor of Law at George Washington University Law School. He began teaching law at Seton Hall Law School in 2000. He joined the George Washington University Law School faculty in 2004.
Professor Solove writes in the areas of information privacy law, cyberspace law, law and literature, jurisprudence, legal pragmatism and constitutional theory. He teaches information privacy law, criminal procedure, criminal law and law and literature.
An internationally known expert in privacy law, Professor Solove has been interviewed and quoted by the media in several hundred articles and broadcasts, including the New York Times, Washington Post, Wall Street Journal, USA Today, Chicago Tribune, the Associated Press, ABC, CBS, NBC, CNN and NPR.
Professor Solove has consulted in high-profile privacy law cases, contributed to amicus briefs before the US Supreme Court and testified before Congress. He serves on the advisory boards of the Electronic Frontier Foundation and the Future of Privacy Forum and he is on the board of the Law and Humanities Institute. Professor Solove blogs at Concurring Opinions, which covers issues of law, culture and current events. ABA Journal selected it as among the 100 best law blogs.
Dan Swartwood is currently the Information Security Governance Leader for Mars, Inc. Prior to this he was the Director, Information Safeguarding, for the Walt Disney Company. Dan has focused his career on data protection, privacy and intellectual property protection issues.
Prior to Disney, Dan provided leadership to all aspects of Motorola's global Data Protection efforts as the Deputy CISO. Before Motorola, he was the Data Privacy Officer at HP and the first ever Corporate Privacy Manager at Compaq Computer. While at Compaq, he also served as the Corporate Information Security Manager. Prior to Compaq and after retiring as a US Army Counterintelligence Officer, Dan participated in an independent review of the White House security program at the request of the Director US Secret Service.
For the last seven years, Dan has served as the Vice President of the Society for the Policing of Cyber Space (www.polcyb.org). POLCYB is the leading international non-profit organization helping third world countries in developing infrastructure to deal with the growing threat from cyber crime. He has led efforts to create a global cyber crime survey targeted at international law enforcement, prosecutorial and judicial officials to better understand the challenges they face dealing with international cyber crime. He has also led an effort to create a certificate program to help train the same groups in managing the international aspects of cyber crime enforcement.
He was the first and only Chairperson of the International Association of Privacy Professionals Certification Panel, which created the first privacy certification program. Dan is one of the original Certified Information Privacy Professionals. In Oct 2007, he was identified as one of the top 25 privacy professionals in America. He is the co-author of five bi-annual proprietary information loss surveys sponsored by the American Society for Industrial Security, International, and has authored articles and speaks at national and international conferences. He holds a Master of Science degree in Strategic Intelligence from the US Defense Intelligence College.
Ms. Patricia Titus is a serial Chief Information Security Officer and is currently a member on the Board of Directors for CyberUnited, a leading insider threat security informatics company. She is also on the Technical Advisory Board for Co3 Systems and Blue Ridge Networks. As a board member Titus draws on her more than 22 years of security experience to help drive innovation and combat cyber security threats and response.
Ms. Titus is the former Vice President and Chief Information Security Officer at Symantec, where she was responsible for rehabilitating the information security program. Ms. Titus played a strategic role in protecting Symantec’s IT resources, infrastructure and information assets.
Prior to joining Symantec, Ms. Titus was Vice President and Global Chief Information Security Officer for Unisys Corporation and was the former Chief Information Security Officer at the Transportation Security Administration within the Department of Homeland Security. Ms. Titus also worked overseas for several years in various positions within the U.S. Department of Defense, the U.S. State Department and various private sector firms.
Ms. Titus is an active member in multiple industry forums and associations focused on cyber security. She was a recipient of the Women of Influence award from both the Silicon Valley Business Journal in 2013 and the Executive Women’s Forum in 2009. She also participates in the National Association for Professional Women and serves on the Women’s Advisory Board for the Girl Scouts Council of the Nation’s Capital.
Bryant G. Tow has over 20 years of experience in the IT industry both as an entrepreneur and senior executive. Bryant has held responsibilities within all aspects of the security industry including: thought leadership in the area of cyber security, award winning development of security solutions, go-to-market and business development strategies, and managing large global cyber and physical security teams. Bryant currently works as a thought leader in the security industry and a trusted advisor by regularly meeting with clients, speaking at industry events, and working with industry analysts, media outlets and law enforcement.
As the recent Chief Security Officer for CSC's Financial Services Group (FSG), Bryant enhanced the security posture of the FSG solutions and quantifiably reduced risk by developing the global security strategy and executing necessary programs to ensure the confidentiality, integrity and availability of FSG’s intellectual property. Bryant has held several leadership positions in the security industry including the Department of Homeland Security and the FBI and is currently serving as a Vice President of the InfraGard National Members Alliance, an FBI public/private alliance program boasting over forty-five thousand members. Bryant has published several books and articles on cyber security topics and has received several awards including the "Governor's Office of Homeland Security Award for Exceptional Contribution in Recognition of Outstanding Support of Tennessee's Counter Terrorism Program."
Mr. MacDonnell Ulsch is President and Chief Risk Analyst of ZeroPoint Risk Research, LLC and the author of the book THREAT! Managing Risk in a Hostile World. His area of expertise is in privacy and counter-economic espionage. Mr. Ulsch has conducted many research studies in the subject area and advises a wide range of clients. He is widely published and has been quoted in the Wall Street Journal, the New York Times, Forbes, BusinessWeek, the Boston Globe, CNN.com, and many other publications. Mr. Ulsch has appeared on radio and television as a national security and risk analyst. Previously, he was Trusted Advisor to the United Secrecy Commission under Senators Jesse Helms and Daniel Patrick Moynihan and co-authored an information security policy paper with U.S. Senator Sam Nunn. He worked at the National Security Institute, focusing on economic and industrial espionage and advised the office of counter-intelligence of a U.S. President.
Mr. Ulsch currently serves on the board of the National Security Institute, and is a Distinguished Fellow of the Ponemon Institute. Mr. Ulsch is closely associated with The Institute of Internal Auditors Research Foundation. He has held executive positions at Pricewaterhouse Coopers, Gartner, Computer Intelligence, and Dun & Bradstreet. A frequent keynote speaker at industry events and for client seminars, he has also lectured at several universities, including Boston University and Boston College. Mr. Ulsch is the author of several learned books on cyber security and cyber terrorism.
David A. VanderNaalt
Mr. David A. VanderNaalt is a noted expert and consultant in the security industry. He is the former Chief Information Security Officer for the state of Arizona, leading the Statewide Information Security and Privacy Office. SISPO serves as the strategic planning, facilitation and coordination office for information technology security, privacy protection, and the protection of the technology critical infrastructure in the state.
Prior to assuming that position, David served the City of New York at the Department of Investigation in a dual role, as Director, Digital Forensic Investigations and Director, NYC Citywide Information Security Program. David served his last year with the City as Director of Citywide Continuance Planning at the Department of Information Technology in a cooperative role with the Office of Emergency Management, creating the baseline model for the City’s Continuity of Operations Plan.
David served in several capacities at American Express, including Director of worldwide network change and problem management; and led the creation of the worldwide Information Security group. David was the first corporate information security officer for AMEX worldwide operations.
In 1983, David created one of the first formal security groups in the US at Central & South West Services in Dallas, TX.
David proudly served in the US Navy from 1968 – 1971. David Studied Behavior Science at Grand Canyon College prior to entering the Navy.
Joseph Weiss, PE, CISM, CRISC, ISA Fellow, IEEE Senior Member, is an industry expert on control systems and electronic security of control systems, with more than 35 years of experience in the energy industry. He spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program, and cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry's critical infrastructure protection (CIP) program.
Mr. Weiss was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. He serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 - Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 - Treatment of Information Security for Electric Power Utilities (EPUs), IEEE P2030 Smart Grid Standards, and other industry working groups. He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a designated US expert to IEC TC45 Nuclear Plant Cyber Security Standards.
Mr. Weiss was involved in the development of, and participated in, the April 2002 White House Conference on CIP - “Developing Secure Digital/Electronic Process Control Systems for the Nation's Critical Infrastructures.” He was an invited speaker at the NIST/NSA Information Security Summit. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He has published over 60 papers on instrumentation, controls, and diagnostics including a chapter on cyber security for Electric Power Substations Engineering and the book Protecting Industrial Control Systems from Electronic Threats (ISBN 978-1-60650-197-9). He was also a co-author of Cyber Security Policy Guidebook (ISBN 978-1-1180-2780-6).
Mr. Weiss supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82. He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration. He was an invited participant to the 2009 NITRD Leap Year Summit and the 2009 NERC High Impact-Low Frequency (HILF) Task Force. He has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has also been asked to participate in an advisory committee being established by the Transportation Safety Board on Cyber Security for Mass Transit. He participated in the 2011 NERC Cyber Attack Task Force. He also established and chairs the annual Control System Cyber Security Conference and established the International Standards Coordination Meeting on Control System Cyber Security.
Mr. Weiss has received numerous industry awards, including EPRI Presidents Award (2002) and is an IEEE Senior Member, an ISA Fellow, and a member of the ISA Standards and Practices Board. He has two patents on instrumentation and control systems, is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC).
Alan S. Wernick
ALAN S. WERNICK is a partner in the Chicago office of FSB FisherBroyles, LLP – a 60-lawyer law firm that started in 2002 and has been recognized by U.S. News & World Report Best Law Firms for Information Technology Law. His practice since 1982 focuses on providing sensible and tactical legal advice to clients on significant information technology, electronic commerce, intellectual property, data privacy/security transactions, and dispute management. Mr. Wernick's experience includes drafting and/or negotiating practically every type of information technology contract and transaction. He serves as a counselor and advocate for his clients in the management and resolution of a wide range of legal disputes, including analysis of potential risks, dispute avoidance, negotiation of settlements, and guidance through litigation, appeals, and the arbitration/mediation processes.
Mr. Wernick, admitted in IL, NY, OH, and DC, has extensive contract negotiating and drafting experience, and has served as an arbitrator/mediator of information technology and intellectual property disputes for more than 26 years. That experience, coupled with a background in computer programming, technology, and accounting, enables him to provide practical strategic advice and realistic risk assessments. A frequent lecturer and writer (whose publications include an Info Tech Law column for Chicago Lawyer magazine), he has been selected as a Leading Lawyer in Computer & Technology Law, International Who's Who of Internet & e-Commerce Lawyers, and is a Martindale-Hubbell® AV rated attorney.
Mr. Wernick's professional activities include serving on Advisory Boards for publications by BNA and Wolters Kluwer, and as a member of the Alumni Board for the Fisher College of Business at The Ohio State University. For details about his firm see WWW.FSBLEGAL.COM. Additional details concerning Mr. Wernick's practice, his published writings and public lectures are available at WWW.WERNICK.COM. His direct phone number is 847.786.1005 and email is Wernick@fsblegal.com.
Ashley Winton is Chair of the Global Data, Privacy and Cyber Group at White & Case LLP. Formerly a computer designer, he advises on effective data protection law, privacy and information security compliance, particularly for global enterprises and businesses with international reach. He has a particular interest in global compliance matters such as international data transfer, data breach and online behavioural advertising. He also advises on e-discovery procedures in the context of international litigation or investigations, and on efficient document retention strategies as an effective mitigant of risk.
Ashley’s clients include a number of global financial institutions, one of the world's most well-known computer manufacturers, a number of well-known consumer electronics multinationals, one of the world's largest electronic component distributors, a Fortune 50 retailer and many other multinational corporations. He regularly speaks at industry and academic conferences and is recognized as a leading practitioner in the data protection and IT areas by independent legal directories.
Martin Wülfert is a founding partner of Your Business Lab, a consulting firm that specializes in product, go-to-market and M&A strategy with a particular focus on the IT Security industry. Your Business Lab has customers in North America, Europe as well as Israel and assists multiple private equity funds to acquire, re-position or divest portfolio companies.
Before founding YBL, Martin managed the public firm Utimaco Safeware AG as CEO for over seven years until the company was acquired by and integrated into Sophos. Utimaco developed leading technologies in the areas of disk and file encryption as well as hardware security modules and lawful interception solutions.
Prior to Utimaco, Martin served at various management positions in the Novartis group, including being a division CIO for many years, integration manager in Australia & New Zealand and general manager of Novartis Animal Health in Germany.
Martin holds a diploma in Theoretical Physics from the University of Basel, Switzerland.